{"Win.Adware.Tovkater-9805523-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", 
"46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", 
"6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", 
"5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", 
"7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", 
"22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", 
"4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", 
"325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", 
"1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", 
"b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", 
"3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", 
"39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", 
"27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", 
"01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", 
"2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", 
"2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", 
"b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", 
"27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", 
"01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", 
"49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", 
"00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", 
"113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", 
"39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-os-windows-warning", "hashes": ["325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", 
"6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", 
"37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-obfuscation", "hashes": ["6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2"], "mitre_attack_tags": []}], "category": "Adware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "This malware is able to download and upload files, inject malicious code and install additional malware.", "hashes": ["00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", 
"2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "3624a2f53856ff1d7b56c387e5bc0486f2238d143e8db3d3297ac2d26b4d0608", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "3d0d3cb4cd6b67a5f4cf16a3676b17a03455542fd21d017de677f03f1fc9b0cf", "4293d196a87246849a67be2351b879ff0c153bcb9b93c0edd1f40b136ef50f2e", "4434a905f55830e673a8817884ad0bf3eb6a2f343b43dc512fa3064c7d8b5ccd", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "49707486597e9bdc2eb56382c847ab549f75220167a68be0ed1e680a9ca054d0", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "52cc8c4f094bf0e73a817df77d2e25cb94e5aec0fadb1d57b627c953a040ba16", "55529b961f3d3ff4b7ca2af9888fa570d374618eaf142b7b13536c605150598f", 
"603e99f107d6d61b25b410221ddd09aca97e266274ebff639152727f7727dcc0", "646f5acd0b77553a6d1dcc2bdb37d2d8d563fa7c27407eee41dad619333ceee2", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "82c2e50b7f1a775a09e45cb18047968bc5e2d28a80ac0d1933b27b95c7d53f7e", "84595bd78b03adea399e648c87d218301ba6d432515c00e7e8638458e1bc9d36", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "876df6250660d861c6dc65571827143dc78e2f8c0cde1a905bf04cc858c9667d", "87e841840e6b8e3a0f85f4b20c85476a7ed67e17a44f82dd63685af439521bb4", "8803a20d873128317f9a8018fe9b33d97bb1d798a8376b42a9d70c52b18cd42e", "8852ba2a94b043b1d24e14046b6a450ba97ae2c1d3f30594367d4e4245ac735c", "8d29c070f982fd65f1694e1ac580f005f740264b78b1ad5e4fed8fecf4d1beac", "8dce9f092ca047262155b0f0377b286a24f6f7d49f193af60f7ee1404697338f", "8fcdaccbbc234917afbe5935f5875880f4a0dbc2b5891f33d6ca825d9a73c1d9", "9333bb5863025e7368bc66bbb41d50d605e95451729750335dfea5aaa9e8e1e5", "95251f9ff01eaa2b40c12a69b60187b3acc41f4c4783fbe2e19519f09e950c74", "95e91aa0eed417a75b0dbd8912767e15ea29ee2e4162565013fe3bbceddf5b54", "9b045071ca2ee2594dbc2d1f27af67eabd1f8ad6321cc602a2bb516919c87a11", "a26ee41c9f533f2e471f0e0573f250745e30a5354e37081b4987d665604621e8", "a379539b4e539be94d5b9c661dfc6be5a019ed347c561b03590d68cc51f660a3", "a5d34f27a0930f358a020dce57dcc4dc6894b5276b296725462df3043db9eda3", "a919e9adfe22e4aa54958cf8a820c2153485054807edd5fa87a129c39c55d110", "a987fd12b1caf3c92c8f874d4f2121ffc4bed002c2f04c3a96a0be0c3b677189", 
"aaad5cb4b3d1f7790eff924c61db44b86f07a8643c4171d4c460e2c1b6f982db", "b38a02bb5564128fb26c9640ee9e5ee514c1b7fa45df1c65271c030f4ba51318", "b437d7dac2ca42083baa02f1a040e1c1b9ceb87dc16e1bffc35f55ab623bf0e8", "b55bffeb6d90d437d8b00e35a39273f6dea6e865f7ec1bc0084d0c5fbb646c27", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "c491daba845c9e5348f1c3da5c3111859866b9f634fbe189c993e7d70b2b9b74", "ca879b30deacd70fb2538f618ae7d6602b8c05b4e02208d70871c88a57644f2e", "cb2a04c8895e4a1576a68898eca38d0aec471597b9fa5dfa2d67cd11c1d3a007", "cc0a6e28b1608abaa0841dcb30e9b46e68ee8996bbbec67a40719c42045944b4", "d08f7d60522d71769f325ae85d27e82ba7ef69a5dbf231fb4760a1c038ac6b45", "dafb8a27f95c0b4b9e01e5b6f4198802d0585f34cff2d1dbb7cd8feebf59ba50", "dbb1ab95fc9d62b794d5eaceae28b5e3aba5a49b642f85af13c4a6ad9584d5b4", "e939d3ffad52bff0336be850cdccfb2418fb44d7fa1f79b4f0b59d2716aa97e0", "f18ac701fef2198d77944bf420c1dd7f330ff46e2987e0dd0b96aafe5874035f", "f59afcf7f4c3b9b8805c11d46e167f6cdea68086e0fce3070468aaa8faaf9b4f", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d", "fad9d886453ab375ffb4c33e3afb3934ab926eed67a4f4dc215efa22520ecae9", "fc344766c97e438b353e2470010d3b5fce4378e75a70100340c51c6614f51779"], "iocs": {"domain": [{"hashes": ["00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", 
"13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", 
"6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d"], "host": "ecosystem[.]unvocal[.]ru"}, {"hashes": ["00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", 
"485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d"], "host": "appcat[.]centralus[.]cloudapp[.]azure[.]com"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", 
"b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51"], "host": "bamboo[.]westeurope[.]cloudapp[.]azure[.]com"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da"], "host": "detectportal[.]firefox[.]com"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da"], "host": "prod[.]detectportal[.]prod[.]cloudops[.]mozgcp[.]net"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", 
"1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da"], "host": "aus5[.]mozilla[.]org"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da"], "host": "prod[.]balrog[.]prod[.]cloudops[.]mozgcp[.]net"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e"], "host": "search[.]r53-2[.]services[.]mozilla[.]com"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", 
"05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e"], "host": "search[.]services[.]mozilla[.]com"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e"], "host": "d1zkz3k4cclnv6[.]cloudfront[.]net"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e"], "host": "shavar[.]services[.]mozilla[.]com"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", 
"1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e"], "host": "tracking-protection[.]cdn[.]mozilla[.]net"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e"], "host": "shavar[.]prod[.]mozaws[.]net"}, {"hashes": ["1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2"], "host": "prod-tp[.]sumo[.]mozit[.]cloud"}, {"hashes": ["1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2"], "host": "support[.]mozilla[.]org"}, {"hashes": ["22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab"], "host": "denweryankee[.]top"}], "file": [], "ip": [{"hashes": ["00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", 
"0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", 
"4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "655a144ccc0671990e702854976ed8235351b8dbc4d324e0915fe1a715fea0e6", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["00725719798ea8eab9fcd1bec4baee986dcaf8dd5dd4c88b44d42443539e6e93", "01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "113065116d670e6286f22a2e5ea3cf29287558f29c6c3879f65f0ca1644956d7", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "1186cd45952246257cb72414a3b0058b8410d402654dbd1ed0e326b109b5f8ad", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", 
"1d82614d38b99ba7de5ffaca1f6c1b7fafcaf20a84531a38df2e2d819967a1d0", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "2484a4f84e20e51999e12f6a3d949a072831b0fb0409b163b768aa4a3de64556", "269939e975336bda2bf73f448ee4f3f901e3d7e4696fc9776b1940b2505dedb8", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "309a44279ce68b8cd4e689d6ac954e6e595c1c48ba616fdd8afbef7d9c72a2ef", "325048042fe503aad4cf54aa1bf0949f9f0a5d802c04e114e4d2bf089c725ce6", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "4638beb0a617276cc2f6e40039d9c0ee4599e70fe10153b72d4d10e750bcf476", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "49014b357a057c585f1de8213e0f026ed0246e8ff1490703f1729af631f80a7a", "49a30aa29f4022dfc514614c407108ef36d2525f1b37e4ec4868b46c74d3cdfd", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "6dfd8e46f80df7a5a6e5921a0f952cb9c2840ad48192644e7221666d1acac191", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", "75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "7725e49fc67dd936dc3c36701b3890a96b9a08a4c882dd55e3829f41bbf9ad8f", "7c958a4d8b2165ddd93c80395888eaf8da27d9ce31e7ef00e3d146fc32aa63bc", 
"85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "b591401bbda267a5ece476f2b5c4f0959cb79da74e0a256a3836c5f89ca5947c", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51", "f838ff23bd5553802202fc0776b5eb8a5e8bfd1e7c7112d6acccdf597846cd6d"], "ip": "35[.]205[.]61[.]67"}, {"hashes": ["01f7f1e731bc908ff86d83f63a23ac276b64497de53c1be380426c16a9f801db", "0573255ba08ab854460c43f1c812af695d6d48ac3f13585671084d0daf8133ce", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "0b48ed9210e2523a82e690faa6851816667a3445f85d9b36deeeedb72056f1f6", "1174be2e499b873531b2b2d6709a6337cad035f7da42450280276ba41fa916d9", "1364fdda62735a6cc319b7ef003e1ed3d8e149a4504cd6499a7f509482bf1478", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1831f04415370a6d876620aa25f209840426ba22823e9d41f1e005ec0f34d272", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22a2be28e4e4ab5e0bbaf4671f2fc43bd80c994d8bc5e234cabba23dfc2f42f9", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "27ced4278a6980f1f30fd7d3b685409ecf9bfed82f0edacdd08f6c344fe3c4f2", "2ac6bc144a6ac5cd51791b1a8569e902ffd5f0b450c1b9cbd82385ff8da4ad0a", "352fa0a8c57c6bae732b1e965122e529a69b1e95f0d6a9f9585dc81a8ca3b9ab", "37c70c9fc1f420153c3a817cadef1006cf1d95242ad2debe2413b92a621a55f8", "39958c7b0b05e0bf6bd72a0adff30cd91fff15064f8c89da58a4b13deaac88f4", "3c2afdb2fa0c0be15a082756ed501981a169ef4e850669ebff9cc8eec4969121", "46e34644254353513e7c69ec7c4f488fb4cff57c7c864c826603d42ca4f28caf", "485b34f1271ee1b48aa4cd225b5a2d618e20b2bfa4f05e8d54c19e107febc36e", "4aeefb7c299fdc32b19776eeed81d6b2fbc76d25f39f9c36f7faffb599c90670", "5212399bb9b87469dddbb868b068732997e825062eb7a9e75a00a33430cc3188", "6d5e7793d82e2611ebff1095b0990a71a301a8bceed76a2a5ff77943e19379fa", "736058aa507eb1570d899db54febd0f816024aaa0fa0b5f06a661a198c640a0e", 
"75711d91237c936d827e83604902ecaffba48c0dae44140f344b392bbc245b7b", "85680ecdc04142d8145bdb1858d72196ad6be45939db6e97209437662b638b5d", "b97eb56fdbb456afd348b36b6ff5ac4e9a4456b257a7db885e83e5a78cd91d51"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "3624a2f53856ff1d7b56c387e5bc0486f2238d143e8db3d3297ac2d26b4d0608", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "4293d196a87246849a67be2351b879ff0c153bcb9b93c0edd1f40b136ef50f2e", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da"], "ip": "34[.]107[.]221[.]82"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "3624a2f53856ff1d7b56c387e5bc0486f2238d143e8db3d3297ac2d26b4d0608", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da"], "ip": 
"35[.]244[.]181[.]201"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "3624a2f53856ff1d7b56c387e5bc0486f2238d143e8db3d3297ac2d26b4d0608"], "ip": "35[.]167[.]169[.]250"}, {"hashes": ["1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da"], "ip": "52[.]38[.]202[.]57"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2"], "ip": "99[.]86[.]230[.]24"}, {"hashes": ["13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da"], "ip": "99[.]86[.]230[.]114"}, {"hashes": ["03c9795ce065675e850120977db7153b569aa56fc0cf6119876dbda01b022ffd", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59", "39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e"], "ip": "44[.]237[.]178[.]15"}, {"hashes": ["13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1", "2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5"], "ip": "99[.]86[.]230[.]13"}, {"hashes": ["05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19", "1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "4293d196a87246849a67be2351b879ff0c153bcb9b93c0edd1f40b136ef50f2e"], "ip": 
"34[.]213[.]158[.]239"}, {"hashes": ["1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1", "237a2c7719cdf90744d166e26438d1c40c3472e61079597e5a33b2cde9769a59"], "ip": "99[.]86[.]230[.]122"}, {"hashes": ["39cf77842e11ecfbc7e851861f4f9169dea5dcf3cf280a9ce9a7f6236113a20e", "4293d196a87246849a67be2351b879ff0c153bcb9b93c0edd1f40b136ef50f2e"], "ip": "99[.]84[.]222[.]88"}, {"hashes": ["2045865f12d0082a865528dbfcc1f0ce0d0914c1d48e4c373c4a8c009c20c5c5", "22c978caecbe4a1fdf30f694baafe2cf308ad62bd83d2990830347ba2e4fb2e2"], "ip": "34[.]218[.]181[.]13"}, {"hashes": ["1722bfb1b4935ac46f8ce5f7872936d4df04520d72c1e6c92c31856def1aeb2f", "6e4b178f080d1469f67269ceba423ecad91b4fbd79a6c3a97c9824f6107d16da"], "ip": "44[.]241[.]216[.]61"}, {"hashes": ["13350cda5210d1e2e18f6ef53fb0c5576eb40c7072b2955af85c0ce7afae115d", "1979d0914c482db43f6547b8dc0ce1fd84f50efd747ba23e8f59b36d83e5dff1"], "ip": "52[.]43[.]72[.]100"}, {"hashes": ["3624a2f53856ff1d7b56c387e5bc0486f2238d143e8db3d3297ac2d26b4d0608"], "ip": "99[.]84[.]222[.]3"}, {"hashes": ["05b98f95d524723ff252eb1b7d06b08ef53ed0167890ee08a0259df07364ca19"], "ip": "34[.]216[.]80[.]151"}, {"hashes": ["4293d196a87246849a67be2351b879ff0c153bcb9b93c0edd1f40b136ef50f2e"], "ip": "34[.]214[.]44[.]170"}, {"hashes": ["3624a2f53856ff1d7b56c387e5bc0486f2238d143e8db3d3297ac2d26b4d0608"], "ip": "44[.]236[.]152[.]85"}, {"hashes": ["1b8f48c4373b96ca4129f2c436859f42f118f6182d094f2307731a99de3996b1"], "ip": "52[.]36[.]207[.]147"}], "mutex": [], "registry": []}, "reports_count": 54}, "Win.Dropper.Cerber-9805579-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": 
["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], 
"mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-udp-connections", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "document-decoy-dropped", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-cerber", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "decoy-wpfv", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0001"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "windows-speech-api", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0040", "T1491"]}, {"bi": "pdf-password-protected", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-deletes-many-files", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": []}, {"bi": "artifact-multiple-extensions", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", 
"8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-infostealer", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119"]}, {"bi": "enumeration-email-program-information", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1114"]}, {"bi": "rtf-appended-data", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "rtf-high-entropy", "hashes": ["c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. 
Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns other file extensions are used.", "hashes": ["030cc59f7517d9b586ca0b133e23ddd2be15bedc8f547c1cae8c46a0b254d0fc", "0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0cd867fc1290502b910e868fbea20cd4898f81ea1fd96c0a720141b0942ddfba", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "16b70e2c47082a3c2f32c60b9f80e7643dd18703c88cc96ed40e6038840afc28", "3513256904802677444c90bca6e2d22f89d698a5ec5ce9209571b195b20ebe2c", "4174178191528ca5cbcc9aad9f65c1224aa13f3d50e417497086fdea063f96ac", "4dd4ce1042e23e401546e6e8d1a2fece8ee2db6e38206c74163b7ae92537d2db", "4e9babd66e1132ecc89877b226c7479d9a44ee0293cf5cfb916330c95c18203d", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "564112715121625678d89faaac074d50a68f9501cf256529dc81404e9b2f714b", "574607d64e64ac5986a1870cb1d312fd5746f918932a36288fb0d8a3fde33721", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "66bbdb7cb4fd9623edccb130e694f1901474b0c05d2529fe936f2048f0a9c0a4", "714b6bee277c9159cdc424097990ccd3fe5a8f4e500cf3577127efdcfc30fd06", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "8fb2584814fc45b59577c6e8e6b34e97415dda87d4e8980db2b01c3ecb296d7a", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "a270313ceb2756a4294aab37e2685fa632a62ad1160855dc1ce6e7f7be62eb2c", "b397ab38ee3776a23ed2582ebb18ec918567de113ec357e633398cc9b4418126", "b7564a48e464d4d7e60392d2526e0168a08e2c3a493f0b76a4574fa531886907", "bd6a6ef76ce3c325dcd0b68d0e84ffb7acc8b31878dd1d9fa5836275b33cc1af", "be3aaaf876084f4089a937353b3f14d1127b5fbf7687bfe0cd1c6164c72ce6b3", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3", "dd21d352614d1316090bbaeb06a08418bb62e1c62f45c159f1e1656906ad9831", 
"e009b9242105d97c8981ab2df2ae91335734800a4c39a598db9270cd4b10c9c5", "e25ef7687eee7e56f7d2a25eaf244fc0dcd5ef125099014a6c9711655941381f", "f3681858d4ddcf37dabedc7d9213f856c7f2a1db241789dbab35de7f306be6df", "f5abaf44aad0c36ba88bdf273c820ab7583d193f2b7aef3cf6b133d2b04083f8", "fc248342df4134e95a19f6f24bf67d021e283cecf837fe824ce9384822529ee9"], "iocs": {"domain": [], "file": [{"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "path": "%TEMP%\\d19ab989"}, {"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "path": "%TEMP%\\d19ab989\\4710.tmp"}, {"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", 
"98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "path": "%TEMP%\\d19ab989\\a35f.tmp"}, {"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "path": "%TEMP%\\~PI.tmp"}, {"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "path": "%TEMP%\\tmp.tmp"}, {"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "path": "%TEMP%\\tmp.bmp"}, {"hashes": 
["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "path": "\\_HELP_HELP_HELP__.hta"}, {"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "path": "\\_HELP_HELP_HELP__.png"}], "ip": [{"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "ip": "87[.]96[.]148[.]0/27"}, {"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", 
"58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "ip": "87[.]97[.]148[.]0/27"}, {"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "ip": "87[.]98[.]148[.]0/22"}], "mutex": [{"hashes": ["0c836b5d9e97fcaaf9f53b2c17ceda7574d40f7da8f4d140bb427e9a8dc66048", "0fdd198111693e3a755161fed32597bce26475f80e15b453ab83e82dd4617461", "52836b0fb3d6c9613d19be0398a2288d0116419c9e0402a8727f5ddf4b730c52", "58c3698dd87c55e4100d89235676fdff5216441f79af114d97a3b0a1a545eec3", "7a646dcacfea44a2e6ff8a1b50ac4dbcd1687fe70c97b774dbac20c68d57a445", "8b837b4f0b28a24360503a5073048424185eeb42a21c85c820147945f6e517a4", "98ada641b7dbf2ff92ca961adff2f73b9dfdc097015380756dedb9c2321c3d80", "c72451a0c51a3782125b134d676f10d9f5c5b061802f14846a9e08c573026ae3"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}], "registry": []}, "reports_count": 25}, "Win.Dropper.LokiBot-9810026-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", 
"0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", 
"7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", 
"0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", 
"7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", 
"48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", 
"2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", 
"48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", 
"2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "pe-uses-visual-basic", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", 
"846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", 
"2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-known-trojan-av", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", 
"48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119"]}, {"bi": "compound-vb-self-delete", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", 
"7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-heavens-gate", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", 
"0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", 
"0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868", "041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", 
"e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868"], "iocs": {"domain": [{"hashes": ["1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051"], "host": "techsupdate1[.]com"}, {"hashes": ["041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868"], "host": "pionveriy[.]com"}, {"hashes": ["44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090"], "host": "resgisupdatex[.]com"}, {"hashes": ["bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3"], "host": "seeuaround[.]info"}], "file": [{"hashes": ["041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", 
"7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", 
"e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868"], "path": "%APPDATA%\\7C7955\\5D4644.lck"}], "ip": [], "mutex": [{"hashes": ["041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", 
"7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", "ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["041a012857581e0ba47e34c8dd9b04244635ac09c00c0654b6e2e030c9c31827", "0a4b7dd6ccf1750636e5f74ce6f585f2aa5fe1dc47d713a74ca25c54c403f6a6", "1d82fae9f22c8b45d1b55896b090941ae358cc3b9f6a0f4d2ce6c94a512137c4", "2f6b02f2cc7eac9bb57a6975605ada140b77b085bfffd4f35f9d3060ac439f35", "44da978b7ae48c8478863501356144f3174f6a4903a70700d8c8c1ea07918011", "48acb3ef5106e99fc286e627b5248819ad9977da6fb988edfc7a821443fb50fd", "7b70695e1126854b4d8ae9b74e0230b8af259041a99e81bbae2fa6af97fc3562", "7bb1a1b5d3cde416cf0bd6e415c72e71e86875496c769586b9d93eef5e0460db", "846de7e8a718bad7201687c51e1fbd0f060693f6e627e69f3b6407a10e2b0497", "91ec719c360c1df573add1f07c7f3d1388e3788c50272dba76fd114c24ece746", "aa93570516c9f63788671d50401d1204dc0692f6a5b421d7ca8243188276f77e", "b84003d47b0e314bf4c582061891059498cf60bbe9701e88aa0a782e2e10a54a", "bbfd4677e7c920f92c538f36b1d6bfa4d0c58aea06185b9c66f2b925a17d1af3", "c42c269bf5a416490d0e719d3e1c43fe164411a8e5f97eaaee5fcb4ae4bb170e", "d9950c4638bd7361213d4fb5bbd690e7b0fd5af28d3fe63a108643122eef7090", "db67c41032b030e09c8469c39132cc5a9d40abedb5bf8f0a4dde480e76d9ea3d", "e14dfc06ae8f19022e328edbd62018064f6b0df962e78f956e519d87b3c57051", 
"ed52dca2da06f590161223262b2db3965338ec527a768dcd52315789f51f0868"], "name": "9DAA44F7C7955D46445DC99B"}], "registry": []}, "reports_count": 18}, "Win.Dropper.TinyBanker-9805436-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", 
"b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", 
"7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", 
"0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", 
"1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", 
"12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", 
"54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": 
["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-imports-toolhelp", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", 
"469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-trojan-tinybanker", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", 
"a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": ["TA0040"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": []}, {"bi": "malware-trojan-tinybanker-mutex-detected", "hashes": ["857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", 
"7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "TinyBanker, also known as Zusy or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe.\" When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "08d69180ae2b0846ed6acf716015c4e68973b5ed7f4d86f8e37f63b079a31ebf", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "33ac75376b9094b89d45837c9d2f7f082c40257a615fa4cc6464b42b5b545e72", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "552ad96447571f7f15a6c6dc14cf8e60dac95b1dbaa7821effe6f3f1566d4b64", "55a0634f58a29f17eac346c7f8bf1dd36d2e91d314ac802a80cabab0db8638a3", "7924c666af0b6368fe5dcb415d0ae077c6abecc929b06379a142bf39c9176b63", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", 
"857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "8a938abae32729d75f9040075069718b8066515c8c7689730e71abdc4f3d859e", "8e6e4a3e3aeae38ccad55a52279a6dc5207a3a177d9be523bd8381d5e9ea4875", "a03495e6b421438baf31b99f6af4a3148959f07ba41d91e91fda8b933905d6b1", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "b345a067c7df7a88618b2cc6fbddf8b3bb47e71e86dcad487467e320e6dd45d0", "c54c911572bec5aad2848cc12a8955b9e0e3e83aee5e8b1ab2642330cd834d05", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "d8dc17f32fe8de8de5aff7bcbc5ece1f941f9335318971abd8a970d308e54071", "eef92c051da174581431b8d3f6b26b62f8acebaf389a4378ecb2b1dd2ebc43d4", "f462157f805f1f63a5dcea8a687bdd6f4e47921c5b37737c0df5c81a2e6035e0", "f49d19da90acfef69ef3b92cf6858ac5db29257d984b40bc4e732eafe006b086"], "iocs": {"domain": [{"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "552ad96447571f7f15a6c6dc14cf8e60dac95b1dbaa7821effe6f3f1566d4b64", "8e6e4a3e3aeae38ccad55a52279a6dc5207a3a177d9be523bd8381d5e9ea4875", "a03495e6b421438baf31b99f6af4a3148959f07ba41d91e91fda8b933905d6b1", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "c54c911572bec5aad2848cc12a8955b9e0e3e83aee5e8b1ab2642330cd834d05", "d8dc17f32fe8de8de5aff7bcbc5ece1f941f9335318971abd8a970d308e54071"], "host": "ggvruxovlbrm[.]com"}, {"hashes": ["469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "host": "qvvksmeemfgd[.]com"}], "file": [{"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", 
"1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "path": "%HOMEPATH%\\AppData\\LocalLow\\F5DBF765"}, {"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "path": "%APPDATA%\\F5DBF765"}, {"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", 
"12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "path": "%APPDATA%\\F5DBF765\\bin.exe"}, {"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052"], "path": "%APPDATA%\\0F891552\\bin.exe"}, {"hashes": ["08d69180ae2b0846ed6acf716015c4e68973b5ed7f4d86f8e37f63b079a31ebf"], "path": "%APPDATA%\\612048E2\\bin.exe"}, {"hashes": ["12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a"], "path": "%APPDATA%\\6E284C28\\bin.exe"}, {"hashes": ["0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889"], "path": "%APPDATA%\\407F9FC5\\bin.exe"}, {"hashes": ["1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67"], "path": "%APPDATA%\\18DE0691\\bin.exe"}, {"hashes": ["1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d"], "path": "%APPDATA%\\4CF78C75\\bin.exe"}, {"hashes": ["33ac75376b9094b89d45837c9d2f7f082c40257a615fa4cc6464b42b5b545e72"], "path": "%APPDATA%\\660E86CC\\bin.exe"}, {"hashes": ["469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443"], "path": "%APPDATA%\\50ABF68A\\bin.exe"}, {"hashes": ["552ad96447571f7f15a6c6dc14cf8e60dac95b1dbaa7821effe6f3f1566d4b64"], "path": "%APPDATA%\\56B4E95D\\bin.exe"}, {"hashes": 
["54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098"], "path": "%APPDATA%\\6649AC7E\\bin.exe"}, {"hashes": ["8e6e4a3e3aeae38ccad55a52279a6dc5207a3a177d9be523bd8381d5e9ea4875"], "path": "%APPDATA%\\7A59218D\\bin.exe"}, {"hashes": ["a03495e6b421438baf31b99f6af4a3148959f07ba41d91e91fda8b933905d6b1"], "path": "%APPDATA%\\038C94DE\\bin.exe"}, {"hashes": ["a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e"], "path": "%APPDATA%\\36FFAEA1\\bin.exe"}, {"hashes": ["b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0"], "path": "%APPDATA%\\28A99454\\bin.exe"}, {"hashes": ["ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "path": "%APPDATA%\\5342F042\\bin.exe"}, {"hashes": ["c54c911572bec5aad2848cc12a8955b9e0e3e83aee5e8b1ab2642330cd834d05"], "path": "%APPDATA%\\33B128F0\\bin.exe"}, {"hashes": ["b345a067c7df7a88618b2cc6fbddf8b3bb47e71e86dcad487467e320e6dd45d0"], "path": "%APPDATA%\\2A150C9C\\bin.exe"}, {"hashes": ["d8dc17f32fe8de8de5aff7bcbc5ece1f941f9335318971abd8a970d308e54071"], "path": "%APPDATA%\\72FECBFF\\bin.exe"}], "ip": [{"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "08d69180ae2b0846ed6acf716015c4e68973b5ed7f4d86f8e37f63b079a31ebf", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "552ad96447571f7f15a6c6dc14cf8e60dac95b1dbaa7821effe6f3f1566d4b64", "8e6e4a3e3aeae38ccad55a52279a6dc5207a3a177d9be523bd8381d5e9ea4875", "a03495e6b421438baf31b99f6af4a3148959f07ba41d91e91fda8b933905d6b1", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "b345a067c7df7a88618b2cc6fbddf8b3bb47e71e86dcad487467e320e6dd45d0", "c54c911572bec5aad2848cc12a8955b9e0e3e83aee5e8b1ab2642330cd834d05", "d8dc17f32fe8de8de5aff7bcbc5ece1f941f9335318971abd8a970d308e54071"], "ip": 
"216[.]218[.]185[.]162"}], "mutex": [{"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "08d69180ae2b0846ed6acf716015c4e68973b5ed7f4d86f8e37f63b079a31ebf", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "33ac75376b9094b89d45837c9d2f7f082c40257a615fa4cc6464b42b5b545e72", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "552ad96447571f7f15a6c6dc14cf8e60dac95b1dbaa7821effe6f3f1566d4b64", "8e6e4a3e3aeae38ccad55a52279a6dc5207a3a177d9be523bd8381d5e9ea4875", "a03495e6b421438baf31b99f6af4a3148959f07ba41d91e91fda8b933905d6b1", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "b345a067c7df7a88618b2cc6fbddf8b3bb47e71e86dcad487467e320e6dd45d0", "c54c911572bec5aad2848cc12a8955b9e0e3e83aee5e8b1ab2642330cd834d05", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50", "d8dc17f32fe8de8de5aff7bcbc5ece1f941f9335318971abd8a970d308e54071"], "name": ""}, {"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", 
"857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "name": "F5DBF765"}], "registry": [{"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "F5DBF765"}, {"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", 
"84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "key": "\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS", "value_name": null}, {"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "key": "\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS\\SKATING", "value_name": null}, {"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", 
"7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "key": "\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS\\SKATING\\RECENT FILE LIST", "value_name": null}, {"hashes": ["0543ecfcaf691518b4643991f71e4647682c14907f382741d28965aa7a724052", "0eeb2bfc75858d42c261182404d94ac82f2cde375c703de1f926896a8976e889", "12e4c3392b017e005e05ccd457fd84279eca8d38c5636fc3b2859965b5a8d11a", "1c03137c6329d7181402d41b4a84f67712bed20e21c183881bf9fdf3b2565d67", "1e5888f40b96662211a73ddb0d76d2af3a492f529520e5f515bb9f86856e356d", "469bfc07379bd0eb03c7b386fd2e62cad9f0dcd9ba410ef3470a0be2da2a0443", "54fdb72b652be3d6213392eb9ec840807b8a82f421a082da0c246dfa96ad9098", "7c5f7c66cf5faefe31d62db314c86478ed599a0c422464e0a1ed91641ed9a78c", "814d4504830a178e61f0df10adc7d3e15cd4610509fdc2595a268aeedefbaf87", "84bf368081e3b6bae2975ab373ff9861d081c723ef4ed5f5c0c9bd22c36e62a8", "857b229d5f0ca5e93943702fa0509c4d61fa452dacf80391859049a64a9238cb", "a2f8d6567bd6ecf7349d4285a82b3989120788e928c5d6d503c9b4e0568c4d7e", "b2ef57bcb2fe53d8d313c5d553a91abc6c644d238821a4c0c8e4680284c535b0", "ca25f22e673397c51128044cd756d4b790a909c157cd94196f9ea74adce5ee50"], "key": "\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS\\SKATING\\SETTINGS", "value_name": null}]}, "reports_count": 25}, "Win.Malware.DarkComet-9805462-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "165c6c102d6c211f2416baf833ab1ff4313ad889da8acfb05b31c3c8e7493faf", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", 
"0202b64e4d4e2b7395500931211d17713e0ca789e924268c3ba1fb78bc782e9c", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "22580d73bc80bd4402be750f3cc9f2734069b242eccf261c4fd3f3c9b72b7edd", "48ec17ec1d23ecc75f1fae90efd2e662a42603c1eeef91fc3249e82e2641f3ba", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "d15464707baa16c0ba03b6bd6a245b03b54133df4b5fc9fb697c75ea3f677b51", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "b0c3b434f0bb6331164e1f45006d334eef1f7ed06c95d6b4604dde3571e43518", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "165c6c102d6c211f2416baf833ab1ff4313ad889da8acfb05b31c3c8e7493faf", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "0202b64e4d4e2b7395500931211d17713e0ca789e924268c3ba1fb78bc782e9c", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "22580d73bc80bd4402be750f3cc9f2734069b242eccf261c4fd3f3c9b72b7edd", "48ec17ec1d23ecc75f1fae90efd2e662a42603c1eeef91fc3249e82e2641f3ba", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "d15464707baa16c0ba03b6bd6a245b03b54133df4b5fc9fb697c75ea3f677b51", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "b0c3b434f0bb6331164e1f45006d334eef1f7ed06c95d6b4604dde3571e43518", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "pe-imports-empty", 
"hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "165c6c102d6c211f2416baf833ab1ff4313ad889da8acfb05b31c3c8e7493faf", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "0202b64e4d4e2b7395500931211d17713e0ca789e924268c3ba1fb78bc782e9c", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "22580d73bc80bd4402be750f3cc9f2734069b242eccf261c4fd3f3c9b72b7edd", "48ec17ec1d23ecc75f1fae90efd2e662a42603c1eeef91fc3249e82e2641f3ba", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "d15464707baa16c0ba03b6bd6a245b03b54133df4b5fc9fb697c75ea3f677b51", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "b0c3b434f0bb6331164e1f45006d334eef1f7ed06c95d6b4604dde3571e43518", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "0202b64e4d4e2b7395500931211d17713e0ca789e924268c3ba1fb78bc782e9c", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "22580d73bc80bd4402be750f3cc9f2734069b242eccf261c4fd3f3c9b72b7edd", "48ec17ec1d23ecc75f1fae90efd2e662a42603c1eeef91fc3249e82e2641f3ba", "d15464707baa16c0ba03b6bd6a245b03b54133df4b5fc9fb697c75ea3f677b51", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "b0c3b434f0bb6331164e1f45006d334eef1f7ed06c95d6b4604dde3571e43518", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], 
"mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "165c6c102d6c211f2416baf833ab1ff4313ad889da8acfb05b31c3c8e7493faf", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "22580d73bc80bd4402be750f3cc9f2734069b242eccf261c4fd3f3c9b72b7edd", "48ec17ec1d23ecc75f1fae90efd2e662a42603c1eeef91fc3249e82e2641f3ba", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "d15464707baa16c0ba03b6bd6a245b03b54133df4b5fc9fb697c75ea3f677b51", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "b0c3b434f0bb6331164e1f45006d334eef1f7ed06c95d6b4604dde3571e43518", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "22580d73bc80bd4402be750f3cc9f2734069b242eccf261c4fd3f3c9b72b7edd", "48ec17ec1d23ecc75f1fae90efd2e662a42603c1eeef91fc3249e82e2641f3ba", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "d15464707baa16c0ba03b6bd6a245b03b54133df4b5fc9fb697c75ea3f677b51", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "b0c3b434f0bb6331164e1f45006d334eef1f7ed06c95d6b4604dde3571e43518", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": 
["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "165c6c102d6c211f2416baf833ab1ff4313ad889da8acfb05b31c3c8e7493faf", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "165c6c102d6c211f2416baf833ab1ff4313ad889da8acfb05b31c3c8e7493faf", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", 
"d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "165c6c102d6c211f2416baf833ab1ff4313ad889da8acfb05b31c3c8e7493faf", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], 
"mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "malware-known-trojan-av", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-detected", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, 
{"bi": "network-dns-category-dynamic", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-resource-lang-russian", "hashes": ["165c6c102d6c211f2416baf833ab1ff4313ad889da8acfb05b31c3c8e7493faf", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", 
"d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-encrypted-section", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-file-in-program-dir", 
"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-tls-callback", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "malware-adware-av", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "malware-ramnit-mutex", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "malware-ramnit", "hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": 
["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "mitre_attack_tags": []}, {"bi": "pe-header-linker-major", "hashes": ["d15464707baa16c0ba03b6bd6a245b03b54133df4b5fc9fb697c75ea3f677b51", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-linker-minor", "hashes": ["d15464707baa16c0ba03b6bd6a245b03b54133df4b5fc9fb697c75ea3f677b51", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "unsigned-roaming-execution", "hashes": ["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "startup-folder-modification", "hashes": ["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036"]}, {"bi": "netbios-query", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], 
"mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-pony-stealer-detected", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": []}, {"bi": "malware-fareit-file-activity", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "process-check-opera-appdata-folder", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "cryptocurrency-stealer-detected", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119"]}, {"bi": "enumeration-email-program-information", "hashes": 
["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1114"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-protocol", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": []}, 
{"bi": "js-uses-fromcharcode", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-calls-activex-object", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "js-uses-eval", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-massive-strings", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-uses-encrypt-decrypt", "hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1489"]}, {"bi": "disables-windows-firewall", "hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "disables-security-center-notifications", "hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "mitre_attack_tags": ["TA0005", "T1562"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. 
The abilities of this malware include downloading files from users' machines, mechanisms for persistence and hiding, and relaying usernames and passwords from the infected system.", "hashes": ["0202b64e4d4e2b7395500931211d17713e0ca789e924268c3ba1fb78bc782e9c", "165c6c102d6c211f2416baf833ab1ff4313ad889da8acfb05b31c3c8e7493faf", "173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1", "22580d73bc80bd4402be750f3cc9f2734069b242eccf261c4fd3f3c9b72b7edd", "41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "42f62fd4e6f14ab2769e3c80d9357d2a0cff26e8adbf9fbb4f8f20992caa5bdf", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "48ec17ec1d23ecc75f1fae90efd2e662a42603c1eeef91fc3249e82e2641f3ba", "4e14ae8bbce9f93bdfb26b1bf4a983adc1dac04d22f1d04b9c087a7a733d3229", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c", "96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "b0c3b434f0bb6331164e1f45006d334eef1f7ed06c95d6b4604dde3571e43518", "c15f9e3cbf4350512bbd4304f9b2c662273ea72fcffa4f38e363abe5db34c307", "d15464707baa16c0ba03b6bd6a245b03b54133df4b5fc9fb697c75ea3f677b51", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "d981a0f71c2e44dd91c0d4c915aead79a14b33cf1c440aaee1cffd7da6e85695", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "iocs": {"domain": [{"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "host": "dnsfix[.]ddns[.]net"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "schema[.]org"}, {"hashes": 
["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "www[.]google-analytics[.]com"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "stats[.]g[.]doubleclick[.]net"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "github[.]com"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "avatars1[.]githubusercontent[.]com"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "az725175[.]vo[.]msecnd[.]net"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "aka[.]ms"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "avatars3[.]githubusercontent[.]com"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "cdn[.]speedcurve[.]com"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "host": "w[.]usabilla[.]com"}, {"hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "host": "iliarub3[.]esy[.]es"}, {"hashes": ["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c"], "host": "www[.]garota-rat[.]com[.]br"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "host": "angry1337[.]ddns[.]net"}], "file": [{"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", 
"d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "path": "%TEMP%\\MSDCSC"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "path": "%TEMP%\\MSDCSC\\rundll.exe"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "path": "%ProgramFiles(x86)%\\Microsoft"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "path": "%ProgramFiles(x86)%\\Microsoft\\DesktopLayer.exe"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "path": "%TEMP%\\RUNDLL.EXE"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "path": "%TEMP%\\TESTADOR ANONYMOUS.EXE"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "path": "%TEMP%\\TESTADOR ANONYMOUSSrv.exe"}, {"hashes": ["7cba819f12c4d1632bd48102fe794c2a1e0baaeb12578bceede3c5a1748d9a6c"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\lsass.exe"}, {"hashes": 
["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "path": "%TEMP%\\Microsoft"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5"], "path": "%ProgramFiles(x86)%\\Microsoft\\px3CF.tmp"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "path": "%TEMP%\\Microsoft\\winlogon.exe"}, {"hashes": ["f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "path": "%ProgramFiles(x86)%\\Microsoft\\px8FA9.tmp"}, {"hashes": ["d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "path": "%ProgramFiles(x86)%\\Microsoft\\px64B3.tmp"}], "ip": [{"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "ip": "209[.]208[.]79[.]114"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "172[.]217[.]7[.]14"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "151[.]101[.]0[.]133"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "151[.]101[.]130[.]217"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "152[.]199[.]4[.]33"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "65[.]55[.]44[.]109"}, {"hashes": 
["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "151[.]101[.]64[.]133"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "23[.]5[.]234[.]11"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "23[.]5[.]230[.]228"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "140[.]82[.]112[.]3"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "40[.]91[.]78[.]9"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "35[.]174[.]20[.]103"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "13[.]107[.]246[.]13"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "ip": "142[.]250[.]111[.]157"}], "mutex": [{"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "name": "DC_MUTEX-BYAECN6"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "name": "KyUffThOkYwRRtgPP"}, {"hashes": ["f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3"], "name": "DCMUTEX"}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23"], "name": "Local\\https://docs.microsoft.com/"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "name": "DC_MUTEX-14UFAVA"}], "registry": [{"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", 
"96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f8287b945e0b4e22ff754e37278dcc95bb29c38b77294a7bfcd0f44a20f1e9c3", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "key": "\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["41d1825942bb8fa90f8a9dd69e52978851884254e9379990b0b71d853809ef23", "45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "key": "\\LOCAL SETTINGS\\MUICACHE\\7C\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715", "96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "UserInit"}, {"hashes": ["45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5", "96aa8617ac0db2fee0dd0020dbff45bce8991aa29b17976d3a33babd841adda6", "d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685", "f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MicroUpdate"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", 
"value_name": "DisableNotifications"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN", "value_name": "NoControlPanel"}, {"hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "key": "\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": null}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION", "value_name": null}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\CURRENTVERSION\\EXPLORERN", "value_name": null}, {"hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "key": "\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": 
["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["173634dffb28185829c508979581f0826927b3dfd1e941f7fb04daae6d92eef1"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["5d88210378d3099dfed060e03a7c02d60a333ed31493624392f60aa66b0b7715"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u00cf\u00f0\u00ee\u00e3\u00f0\u00e0\u00ec\u00ec\u00e0 \u00e2\u00f5\u00ee\u00e4\u00e0 \u00e2 \u00f1\u00e8\u00f1\u00f2\u00e5\u00ec\u00f3"}]}, "reports_count": 19}, "Win.Packed.Dridex-9807477-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", 
"49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", 
"2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], 
"mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", 
"27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", 
"25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", 
"091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", 
"1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", 
"43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "hook-installed", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", 
"1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", 
"49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", 
"2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": 
[]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", 
"27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", 
"25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", 
"091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", 
"1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "artifact-windows-task", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", 
"43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", 
"49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", 
"14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", 
"4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", 
"2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": 
["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", 
"1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", 
"033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", 
"0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0040"]}, {"bi": "pe-header-timestamp-null", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", 
"36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", 
"4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "malware-dridex-detected", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", 
"14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", 
"4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "possible-dga-communication", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], 
"mitre_attack_tags": ["TA0011"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that steals credentials and other sensitive information from an infected machine.", 
"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268", "5f88f533b1346f7a5a02e4bd35bd29e05735be968708053f049d260f283eec1b", "6318902e99c98c26bec917d04f23f402c804a9c0feda630c41cc693b3abef4b7", "66d8d8127bdcfb08aab13cac4119e6acbd5b19fed0aacce28caa78313bd1ec1b", "67bbe9c556f4b055637ece00030a42dcf6f7cd06fc56dccab67feac9bc28ebd1", 
"6c01e8129b9c54d44bb93483f03ec91761b516bab5cf6943683b73b967a07d9a", "6e395ad63fcee2bf26636a650b2118fe03d3475b786d0c190bac758845e6290b", "6eb9aa7653565be0e6ad121533ccc8d36435e204e5a10bea01410175fcb5022b", "7b300a0093f902bed319a0b43e0ebdb8ab1d0f47c2d9b9968a348b0fbfd2a769", "7ddb4257568b028b9853c2db0b345f2224dd86b616ff9613b93a6154b536cfde", "8ec445fe43bee543dc461ce6512107aec6b345a6462ff1f11a8b702f32f18458", "98b4fff1a7bd106e8a5a932139ecc7251e4978f011fe42a8a63cb257d75f77b6", "9cd0f43172442ba922692d392325e7519ea413c5abd7045714532076b8ca33c2", "9fb1405836b2de661cc6e231e4f5b86bbf96d7df6a72ead28c1ad5dafe7193c9", "9ff2e8fb1c82c15a71efca743fb5e1ae3fc97e1cdb5961a4dbb76081b2476af3", "a005a3324056848a997236118972083163098bfa89345a5078502bf92bf1ba41", "a596bf3f109a160d1e4b4e07025167082fa4efa2902c710fe0b218fe60caf7c2", "ac11094a8bb73e95ad6a5171a27e0153ab27dc82d9a0c807b2c8d83bfc6e8332", "acedf3636b9b8efba297df4e78143a4b9646880fdf33bbe4326bc47ee920892a", "aef89064c030436f47772fa958b66df77fc40eaf3f13aef9ea92eb0947d5e8ee", "af4845bcc251940ac702161825e4132052679d93c063b490910906f3ab1c510b", "b13953c57c54e40fdc5ce867d32a2f6cb3d002c71cce2418ad8f0e4a04341698", "b1e37f311dfb5870746640af6030f972dd27caffee36ca38f79793ba7d9d9c5a", "be85c4c686aec1ba3dcd93dce39e8e0b2f1987c64e098078438891bd6323c8e1", "c4235e6bca10c1f7a205a3292c5d66151feaa86c3fa0ab7fc6f7f758ce2452f5", "c62d920778712e0f72a6c05ded22b38594edcb1696115fc7a9c06c51ddb1f5df", "c6b3b9cc6da0d99a3e8fefdf72506b6c9ef9869df6369a5413caae69d643f1de", "c6b9419d424c1180427441f1987ba8198b909f77047c69352ae0cdfb5c0f060e", "cc727b346ee1640699d166ff05a9d2ad4ca900de3df9dd48410e0cff32d1ab1e", "ccc195fec235eedb142154b398c17a6624710b262a524422711a0e8f59593aee", "d0a92dd08e07371e0e033a560261cbc71c73e6e493a46916525d52556863168f", "d585f9c83dbc17500ea904749ac5e43c70d118972c77e0f93865e96b3ec75617", "d5fe3790c19000611b09ded6ca5dbe442f50d6f7cc905291816a47da18a7f016", "daee4697d47221e70006ecabacf446699cb551ae97dc0805d0786f1d29ed0164", 
"df21f0b525faae543333efe9811ea392fc8b3341c56d532b731ce41e04136191", "e0097a8fc32086529324f4ec2a9e67ee607f1475f565439ac6efefb241e81f3f", "e13d26cb6fb0dab0ae37a77fbb2bced8ac0965e0c54cc75416fe234a47ce6bea", "e5938b73f30c4e3046e020a26bf5d8b89f5645a13de8d8dd9a45d987eacaf843", "ec077f14745225b555e615a95b4ff9114443982c764fd6a5dadb643533153eed", "f0f5469ab44295a758e325aad6c9d5c1e5019c303f33af4fde3547c17330d6e7", "f18d60c3a7c590e7c53ee4537977d5ff23d9d956c0744bb29a8be3c5745ab5a2", "f4f5e00fbfb58c289e9e5068957c4c34f9c9d9054f9343d1283a644b857179e9", "f5a8ae240f2b62590dcf9c3256e2d199a542b0fc6daf36f4a95b063b7d06980c", "f63575b7905d79f5250751965833f5aadd838fbeee7c2a7a8a774f6630a4323d", "f77cc5646872bd960c73feb02a9a48f6fe10c685eae0524a77eb4d657f9c16fe", "f84f88fc5ada8aa3adaff79dcf5c7197ae49f8779b89c0eb1299c7ae3b1bf598"], "iocs": {"domain": [{"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", 
"322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "host": "pastebin[.]com"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", 
"1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "host": "auto[.]au[.]download[.]windowsupdate[.]com[.]c[.]footprint[.]net"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "host": "www[.]ahspbpwk1e[.]com"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "host": "www[.]czh1fjrqbm[.]com"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "host": "www[.]fdqcscjz9v[.]com"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "host": "www[.]gs3dgvse7l[.]com"}, {"hashes": 
["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "host": "www[.]m59zmtepu8[.]com"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "host": "www[.]xg8jlax2h0[.]com"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "host": "www[.]yco4dnredv[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "host": "www[.]chy114ol6d[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "host": "www[.]ehxxgzl8ut[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "host": "www[.]fczzcla0ty[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "host": "www[.]hgsipef84d[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "host": "www[.]i2tkslgkdy[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "host": "www[.]pjbqb6vedg[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "host": "www[.]tsw4gdbisu[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "host": 
"www[.]zlimtm2d66[.]com"}, {"hashes": ["525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "host": "www[.]mxjae3i3xa[.]com"}, {"hashes": ["525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "host": "www[.]ntavnfvtpa[.]com"}, {"hashes": ["525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "host": "www[.]oabnb7bvwq[.]com"}, {"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856"], "host": "www[.]pfdkwobjxd[.]com"}, {"hashes": ["1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17"], "host": "www[.]vg5g0m57va[.]com"}, {"hashes": ["1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17"], "host": "www[.]cz7q1puqm6[.]com"}, {"hashes": ["1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17"], "host": "www[.]xq6kvwy7fl[.]com"}, {"hashes": ["14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4"], "host": "www[.]b818bd9sqx[.]com"}, {"hashes": ["1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17"], "host": "www[.]dm0mig41ac[.]com"}, {"hashes": ["1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17"], "host": "www[.]rcrwb1gcid[.]com"}, {"hashes": ["1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17"], "host": "www[.]dfu97nx9lu[.]com"}, {"hashes": ["1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17"], "host": "www[.]vso0pub1h9[.]com"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "host": "www[.]biwolqljhb[.]com"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "host": "www[.]xluzbulirm[.]com"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "host": "www[.]gcyhmf149p[.]com"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "host": "www[.]r8ksann7z1[.]com"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "host": "www[.]zdthnm3mdv[.]com"}, 
{"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "host": "www[.]b704tsijay[.]com"}, {"hashes": ["2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633"], "host": "www[.]ryuovti2h6[.]com"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "host": "www[.]co9uxbqje3[.]com"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "host": "www[.]ierv3md3lw[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "host": "www[.]q8xoeg4iib[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "host": "www[.]nahzv3wuyl[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "host": "www[.]lfoe5drifv[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "host": "www[.]etupg58ypb[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "host": "www[.]8ioxiovc48[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "host": "www[.]ztmuij54yh[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "host": "www[.]3thluzjkqc[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "host": "www[.]rjycusy14r[.]com"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "host": "www[.]dlkc7qwk6t[.]com"}], "file": [{"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", 
"14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "path": "\\old_ (copy)"}, {"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", 
"2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "path": "%TEMP%\\.tmp"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_1ed742ed4e534123c337623953b1f5d0715bc_e38ee6b0_0cde4e42\\Report.wer"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_1ed742ed4e534123c337623953b1f5d0715bc_e38ee6b0_0d322ba6\\Report.wer"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_1ed742ed4e534123c337623953b1f5d0715bc_e38ee6b0_0dee3a6b\\Report.wer"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_1ed742ed4e534123c337623953b1f5d0715bc_e38ee6b0_0e61b52e\\Report.wer"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_1ed742ed4e534123c337623953b1f5d0715bc_e38ee6b0_0e79bfbd\\Report.wer"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_1ed742ed4e534123c337623953b1f5d0715bc_e38ee6b0_0ed5cb37\\Report.wer"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": 
"%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_1ed742ed4e534123c337623953b1f5d0715bc_e38ee6b0_0f061d10\\Report.wer"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_9c91d35c9df2b551ab20b8c1dad1453c47fcb4aa_e38ee6b0_0e35a938\\Report.wer"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_9c91d35c9df2b551ab20b8c1dad1453c47fcb4aa_e38ee6b0_cab_0ddd7bcf\\Report.wer"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_9c91d35c9df2b551ab20b8c1dad1453c47fcb4aa_e38ee6b0_cab_0ddd7bcf\\WER772C.tmp.appcompat.txt"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_9c91d35c9df2b551ab20b8c1dad1453c47fcb4aa_e38ee6b0_cab_0ddd7bcf\\WER77AA.tmp.WERInternalMetadata.xml"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_9c91d35c9df2b551ab20b8c1dad1453c47fcb4aa_e38ee6b0_cab_0ddd7bcf\\memory.hdmp"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467822.exe_9c91d35c9df2b551ab20b8c1dad1453c47fcb4aa_e38ee6b0_cab_0ddd7bcf\\triagedump.dmp"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_72d61c97e5bb78be7ba41a4e2327fd518cc4e067_368797de_024ddb76\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": 
"%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_72d61c97e5bb78be7ba41a4e2327fd518cc4e067_368797de_043de4dd\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_72d61c97e5bb78be7ba41a4e2327fd518cc4e067_368797de_06e1fe41\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_72d61c97e5bb78be7ba41a4e2327fd518cc4e067_368797de_07be7814\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_72d61c97e5bb78be7ba41a4e2327fd518cc4e067_368797de_0cd24a5d\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_72d61c97e5bb78be7ba41a4e2327fd518cc4e067_368797de_0dd23f51\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_72d61c97e5bb78be7ba41a4e2327fd518cc4e067_368797de_0f565625\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_72d61c97e5bb78be7ba41a4e2327fd518cc4e067_368797de_0f766121\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_80909fc915b6a6d0b9db212be35ba76fbe637af1_368797de_08a5d397\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": 
"%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_80909fc915b6a6d0b9db212be35ba76fbe637af1_368797de_cab_0b65badf\\Report.wer"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_80909fc915b6a6d0b9db212be35ba76fbe637af1_368797de_cab_0b65badf\\WERB707.tmp.appcompat.txt"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_80909fc915b6a6d0b9db212be35ba76fbe637af1_368797de_cab_0b65badf\\WERB7B4.tmp.WERInternalMetadata.xml"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_80909fc915b6a6d0b9db212be35ba76fbe637af1_368797de_cab_0b65badf\\memory.hdmp"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467910.exe_80909fc915b6a6d0b9db212be35ba76fbe637af1_368797de_cab_0b65badf\\triagedump.dmp"}, {"hashes": ["1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467856.exe_92ddeeed5f18a13e1cd4b69ec92a93c3b4278_17d1d075_0f7d8fa8\\Report.wer"}, {"hashes": ["1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467856.exe_acb6c2ec73771ba4ea486d1fcc208659ae22c3_17d1d075_000a0cb8\\Report.wer"}, {"hashes": ["1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467856.exe_acb6c2ec73771ba4ea486d1fcc208659ae22c3_17d1d075_045e010f\\Report.wer"}, {"hashes": ["1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42"], "path": 
"%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467856.exe_acb6c2ec73771ba4ea486d1fcc208659ae22c3_17d1d075_063e2699\\Report.wer"}, {"hashes": ["1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467856.exe_acb6c2ec73771ba4ea486d1fcc208659ae22c3_17d1d075_09be1a54\\Report.wer"}, {"hashes": ["1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467856.exe_acb6c2ec73771ba4ea486d1fcc208659ae22c3_17d1d075_09d5a5c0\\Report.wer"}, {"hashes": ["1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467856.exe_acb6c2ec73771ba4ea486d1fcc208659ae22c3_17d1d075_0b29b13a\\Report.wer"}, {"hashes": ["1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467856.exe_acb6c2ec73771ba4ea486d1fcc208659ae22c3_17d1d075_0c7d9a18\\Report.wer"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_5083fad186d76d7a68913e3fe6a75a7e4715d5_3e52fa00_0aa18ab6\\Report.wer"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_5083fad186d76d7a68913e3fe6a75a7e4715d5_3e52fa00_cab_09957b74\\Report.wer"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_5083fad186d76d7a68913e3fe6a75a7e4715d5_3e52fa00_cab_09957b74\\WER77CC.tmp.appcompat.txt"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": 
"%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_5083fad186d76d7a68913e3fe6a75a7e4715d5_3e52fa00_cab_09957b74\\WER782A.tmp.WERInternalMetadata.xml"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_5083fad186d76d7a68913e3fe6a75a7e4715d5_3e52fa00_cab_09957b74\\memory.hdmp"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_5083fad186d76d7a68913e3fe6a75a7e4715d5_3e52fa00_cab_09957b74\\triagedump.dmp"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_7abf552bd5cebfb101525c7392d5fb3e6a6da23_3e52fa00_008d9fe4\\Report.wer"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_7abf552bd5cebfb101525c7392d5fb3e6a6da23_3e52fa00_0502071a\\Report.wer"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_7abf552bd5cebfb101525c7392d5fb3e6a6da23_3e52fa00_080d94f7\\Report.wer"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_7abf552bd5cebfb101525c7392d5fb3e6a6da23_3e52fa00_0875acc5\\Report.wer"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_7abf552bd5cebfb101525c7392d5fb3e6a6da23_3e52fa00_092dfba1\\Report.wer"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": 
"%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_7abf552bd5cebfb101525c7392d5fb3e6a6da23_3e52fa00_0b3e15ff\\Report.wer"}, {"hashes": ["2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_465467966.exe_7abf552bd5cebfb101525c7392d5fb3e6a6da23_3e52fa00_0bc22485\\Report.wer"}], "ip": [{"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", 
"525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "ip": "172[.]217[.]7[.]14"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "ip": "209[.]85[.]232[.]100/31"}, {"hashes": 
["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb"], "ip": "209[.]85[.]232[.]138/31"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", 
"2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "ip": "23[.]3[.]13[.]154"}, {"hashes": ["1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "ip": "209[.]85[.]232[.]113"}, {"hashes": ["322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "ip": "209[.]85[.]232[.]102"}, {"hashes": ["27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "ip": "8[.]253[.]156[.]121"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822"], "ip": "8[.]253[.]131[.]121"}, {"hashes": ["091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23"], "ip": "8[.]249[.]223[.]254"}, {"hashes": ["14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4"], "ip": "142[.]250[.]64[.]78"}, {"hashes": ["525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "ip": "74[.]117[.]178[.]58"}, {"hashes": ["525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "ip": "199[.]101[.]134[.]234"}], "mutex": [{"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "name": "2GujNArCSc"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "name": "N2FPG7E5w0"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", 
"4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "name": "XFQwKgZVek"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "name": "ZAPmiUZXa4"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "name": "pMMmGdBtae"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "name": "xuvkWx8erY"}, {"hashes": ["033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5"], "name": "y5xWLULRTH"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "name": "2FLaR1DVHA"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "name": "5euE6Q5UdU"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "name": "Amvh1TUYCO"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "name": "OQYsOOWoCe"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "name": "Rji3nPWZDC"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "name": "T4TegwGSUi"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "name": "Xa57p3qapW"}, {"hashes": 
["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0"], "name": "zAq7ad7lBy"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "name": "d2l4rOq4Je"}, {"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856"], "name": "laKpLBSItA"}, {"hashes": ["25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f"], "name": "HUKYs7D4Jj"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "name": "eYw4upHTxK"}, {"hashes": ["25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f"], "name": "Jdf4wguXMf"}, {"hashes": ["27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d"], "name": "gUS5503cXZ"}, {"hashes": ["25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f"], "name": "PBMC1A4Eux"}, {"hashes": ["25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f"], "name": "gGyHUo0Jie"}, {"hashes": ["25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f"], "name": "ozvMyrLtPr"}, {"hashes": ["25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f"], "name": "v7M0tPZUJJ"}, {"hashes": ["25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f"], "name": "xhwnDPDn6z"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "name": "y8VJ3xCjBY"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "name": "Dnh9jf020k"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "name": "YvP5daned5"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "name": "uyGx6fBBI2"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "name": "eRUHVYW2PN"}, {"hashes": ["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "name": "bVPqftKsQc"}, {"hashes": 
["4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66"], "name": "mkunWEJ7Tl"}, {"hashes": ["4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "name": "4XhstHKMyl"}, {"hashes": ["4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "name": "UZ7Vb8gOz7"}, {"hashes": ["4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "name": "QVUQBfGZ4B"}, {"hashes": ["4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "name": "xzFhoJQhv7"}, {"hashes": ["4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "name": "Kkfn0ZISEz"}, {"hashes": ["4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "name": "9ZLTjS3CGA"}, {"hashes": ["4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "name": "AYocvqaRiS"}, {"hashes": ["4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688"], "name": "IFwmYJj3vr"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "name": "VZKWZ5jVeF"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "name": "bAgSdJ1eu1"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "name": "8YqTeO8pSo"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "name": "j1ZrXawYJj"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "name": "7iHPvmnfss"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "name": "0uSGmR8As8"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "name": "7XcOndC5NE"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "name": "obzyz33pPG"}, {"hashes": ["0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5"], "name": "tSUfAlxJMy"}], "registry": [{"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", 
"033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", 
"072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", 
"1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", "16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "key": "\\LOCAL SETTINGS\\MUICACHE\\7C\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["00b131fa9a8c08d98433d8595034e51b80784932d8fa4bac863ce8f70f3af856", "033d5b7ac424bb285b3b7c4e188acf66e92fdb06e2f494e0786a713f11bc5675", "0514c7cb8e069ce657e5672d83d31e68b65c99ae7f6e5a86d08d89c690c09af5", "072cb9fe091174548a907eb6fba16e0a7076d7eff6e5623f2109d28b58a66af5", "091d12b78592ea8db5f83dba429b3a088e3ae62fdcca489861824062c8f5ff23", "1379bc713816753b7f9b8bd97cba679a87084d73f3c386647a649d8980bbbd42", "14c56a06a97877ff946460855d2422d306fa6bf4972f686c45168160e79c45c4", "16bd5a90214d427113dd67424f717e4b8d11985e773f5380c59280a42da0e822", 
"16f5711bf9635e679ac65141c651e4740a2b9fc349d8e335e6b39f44a4fabbf9", "1913d9841d42884fbcb51b74f1806eefbf619b8dc3e36569388870a796153e12", "1a9ef6ff0a5f76f096ad4375296d15c14e6ea96f42e62af8ef191b4e4517be17", "25420b5af983fdf54059c50ace2e34a9432fa0e3148a0e6363376f9e9617619f", "27c7557bdf25884fe3b58f98277fae4cc7a77f24c292fbeed6abb2549d16e9ba", "27f353645626f39108c9a1cfc2e28cd1c089972dd41621cd17610ec48c90e90d", "2b33ce94b42bd98a812c657d492e9ece222e53d3c119f356534d5cfd6b1b2ffb", "2b7a34bf7b088f72ed736dfaddacce547d19f87c9910883b5460de8946db0633", "322861c1b4b43d32a1331539d59ad573558f61672773430651929e40d19dafd5", "36a430d0daa727ce672cfe495d0c614e10f8045af1580344148e8b9148f07fa0", "43125487b748bcb6220b45f46ffa491740f75d4cf71a8823a15b400fd0243d60", "4435683d1e47f965aeed38d754e02e52f7b45f68a4fa4708532af93d8b2a9cd5", "49c4328e898a926bfbff4a6d530af9ebe107839ececfb09693133275f5ccd614", "49d217b942b6f3da7a2f37457c8bf240c6da8577b24518e0d415ea961b7b953d", "4dd17d724ad88aabcb8319f4d2a3df0b375b164378e009ff1b2607e7036c6b66", "4e1b16b99a4f5790578691146350c93f9c0957daecdaaf798e100e39c1279688", "525314e37bd5fe61793bf85d54fbaacdbf5e82e9fb8f328168ee2a83492fb268"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}]}, "reports_count": 25}, "Win.Packed.Phorpiex-9805496-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", 
"d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", 
"038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", 
"hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", 
"226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", 
"5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], 
"mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", 
"80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-modified", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", 
"c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "cmd-exe-file-execution", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", 
"9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "modified-file-in-system-dir", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", 
"cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", 
"d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "excessive-sample-duplication", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", 
"bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "excessive-process-creates", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "modified-file-on-usb", "hashes": 
["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", 
"226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", 
"5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "startup-folder-modification", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", 
"0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-trojan-phorpiex-registry-detected", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", 
"f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-lnk-calls-cmd-exit", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", 
"e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-systemrestore-disabled", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", 
"503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "disables-security-center-notifications", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-override-security-center-monitoring", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", 
"86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-with-excessive-children", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", 
"226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-resource-lang-chinese", "hashes": ["498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", 
"038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Phorpiex is 
a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, from malware that sends spam emails to ransomware and cryptocurrency miners.", "hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "3658f60cd1594dd2d60e76cc872b8d105ad0248ae20d36c4ffa43433ffcaede8", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "4cc2ff08f85a2c6b4f64f6f47e6bf618b84cd4026413f794c0ad307eef0db417", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "77683ea7b4c6ef401e70cad1eef6651b66a3a170b7858a26bfac8bbe4605ed2b", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "iocs": {"domain": [{"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", 
"0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63"], "host": "rghirgsrogrshggir[.]ru"}], "file": [{"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "77683ea7b4c6ef401e70cad1eef6651b66a3a170b7858a26bfac8bbe4605ed2b", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "path": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\winsvcmgrcfg.exe"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", 
"0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "77683ea7b4c6ef401e70cad1eef6651b66a3a170b7858a26bfac8bbe4605ed2b", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\winupdsvcs.exe"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", 
"279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "77683ea7b4c6ef401e70cad1eef6651b66a3a170b7858a26bfac8bbe4605ed2b", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "path": "%SystemRoot%\\60804350607050\\winsvcs.exe"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", 
"8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "path": "\\_\\DeviceManager.exe"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", 
"e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "path": "\\.lnk"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "path": "E:\\.lnk"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", 
"226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "path": "E:\\_"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", 
"8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "path": "E:\\_\\DeviceManager.exe"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "path": "%SystemRoot%\\60804350607050"}], 
"ip": [{"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "ip": "92[.]63[.]197[.]153"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63"], "ip": "35[.]205[.]61[.]67"}], "mutex": [{"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", 
"101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "name": "50705477504"}], "registry": [{"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", 
"5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusOverride"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", 
"c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": 
"\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallDisableNotify"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallOverride"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", 
"226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", 
"86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SYSTEMRESTORE", "value_name": "DisableSR"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", 
"d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesOverride"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AutoUpdateDisableNotify"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", 
"0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", "498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Microsoft Windows Services"}, {"hashes": ["038d1de536eebac9f9d1279777ceb5375e9bdf26593d2e9cef0deaa85434b64d", "0fb2be0b70ded0d999f7ae0a7708d841b4cbaa80ed730dc5e5701daa257ccc5b", "101329685805850cb07f12c3021bd9f54a5e6b25654d10ca33f8f0e79c36b6b6", "13f0e73aae7e5ca7e67e7090b9dc0a3041f0b23bca82d2d20d9e65ff95311602", "1413614442785cc2f832c0d6d9447506bf1caee72390c9035900c4bc3ca6fd4c", "226212f9681cd5f9b6151f046686c53756046ce97be058618f5c204ec737132e", "279da584e4a1198650d2514b46ad1233c2b5af01019266ad2c2a708c5cd7b68b", 
"498a2f78716bf221a00c3414d1b9b5922b91ace212609e0811baf5fc49d60d26", "503e5946bce935f1dfa54048131712b2607b4763f674436306b6d57bf24dc481", "5fa6c3f4f614ea84f2b05c560c8325d662ead5f35569b0770bc250bd460f1637", "80ff5f8e4de0eaf266d3e73f9c52493f48600c002c8d8fd4436a313a014c8f59", "86cb16f05d0dc935474178ff425e2b44d1c25d93d998bdd8042cf9f13a9ceee0", "8f7da634dfe3e4d1b87ac3734b0a8d836bf24f1d33e8f23be498b3650810ff49", "9af21c1dc0084f10420edb915a7911edb316cf5f76455e6cb6fdbb93f938b0a4", "bd117c316ccc9e04c269949f569c5fc4fd163d2e8cab536053db9906799294ac", "c5e91b0daea9146e0e45167e229d383a0afd2d46c3bbdeb7e9a50640565f87f6", "cabf376ba19a4a16517e90634a99840e9cae1beef06acb76345d2b9ab8044c63", "d2931fc8189d7f0fb35f82e8fa66d83252fe6d4f94d2a743f8ca45542ee0757f", "d810c0e503bebbbb290bf92d344800ed69addc978527e9f225c0bf60ed3abda5", "e44503145f269028e90c4b19261b99476c2e45d2cdc31fb572e77a8fb2b887c4", "f46104009added65d7622a12c6809376b91c961c61d41e28a968dd9d8d0a753a"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Microsoft Windows Services"}]}, "reports_count": 24}, "Win.Packed.Razy-9807129-0": {"bis": [{"bi": "artifact-flagged-sandbox", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "43a2e6ac77d7abe026cf67a34f5d4554a91dd468ce2c49704c62e863e17743eb", "96a353ce7629e660fd9a2f338d93780bbd97d41ad97f6138656e5cbc04d0a8cb", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "2999619e991cfe7e3bb4328a77af501f6e579cd1669f34a5205c29ffb2cbb4bd", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", 
"635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "memory-execute-readwrite", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "43a2e6ac77d7abe026cf67a34f5d4554a91dd468ce2c49704c62e863e17743eb", "96a353ce7629e660fd9a2f338d93780bbd97d41ad97f6138656e5cbc04d0a8cb", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "2999619e991cfe7e3bb4328a77af501f6e579cd1669f34a5205c29ffb2cbb4bd", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "43a2e6ac77d7abe026cf67a34f5d4554a91dd468ce2c49704c62e863e17743eb", "96a353ce7629e660fd9a2f338d93780bbd97d41ad97f6138656e5cbc04d0a8cb", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", 
"7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "2999619e991cfe7e3bb4328a77af501f6e579cd1669f34a5205c29ffb2cbb4bd", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "43a2e6ac77d7abe026cf67a34f5d4554a91dd468ce2c49704c62e863e17743eb", "96a353ce7629e660fd9a2f338d93780bbd97d41ad97f6138656e5cbc04d0a8cb", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "2999619e991cfe7e3bb4328a77af501f6e579cd1669f34a5205c29ffb2cbb4bd", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-dot-net", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "43a2e6ac77d7abe026cf67a34f5d4554a91dd468ce2c49704c62e863e17743eb", "96a353ce7629e660fd9a2f338d93780bbd97d41ad97f6138656e5cbc04d0a8cb", 
"3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "2999619e991cfe7e3bb4328a77af501f6e579cd1669f34a5205c29ffb2cbb4bd", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "43a2e6ac77d7abe026cf67a34f5d4554a91dd468ce2c49704c62e863e17743eb", "96a353ce7629e660fd9a2f338d93780bbd97d41ad97f6138656e5cbc04d0a8cb", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "2999619e991cfe7e3bb4328a77af501f6e579cd1669f34a5205c29ffb2cbb4bd", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "modified-executable", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", 
"fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", 
"7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "windows-util-schtask", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", 
"be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "files-deleted-used-batch", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", 
"c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "cmd-exe-file-execution", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0002", "TA0003", 
"TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "cmd-self-exiting", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-windows-task", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", 
"fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "unsigned-roaming-execution", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "2999619e991cfe7e3bb4328a77af501f6e579cd1669f34a5205c29ffb2cbb4bd", 
"be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", 
"d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}, {"bi": "backdoor-behavior-detected", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "excessive-tcp-connections", "hashes": ["e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "network-private-ip-address", "hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "dns-dynamic-domain", "hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Razy is oftentimes a generic detection 
name for a Windows trojan. It collects sensitive information from the infected host and encrypts the data, and sends it to a command and control (C2) server. The samples modify auto-execute functionality by setting and creating a value in the registry for persistence.", "hashes": ["2999619e991cfe7e3bb4328a77af501f6e579cd1669f34a5205c29ffb2cbb4bd", "3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "43a2e6ac77d7abe026cf67a34f5d4554a91dd468ce2c49704c62e863e17743eb", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "96a353ce7629e660fd9a2f338d93780bbd97d41ad97f6138656e5cbc04d0a8cb", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b", "d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e"], "iocs": {"domain": [{"hashes": ["7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1"], "host": "pastebin[.]com"}, {"hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2"], "host": "0[.]tcp[.]eu[.]ngrok[.]io"}, {"hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db"], "host": "shaguma[.]shaguma"}, {"hashes": ["7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04"], "host": "pashalol[.]ddns[.]net"}, {"hashes": ["3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f"], "host": "windowhost[.]duckdns[.]org"}, {"hashes": 
["d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "host": "drei[.]ddns[.]net"}, {"hashes": ["c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820"], "host": "lufeteme08-28070[.]portmap[.]host"}], "file": [{"hashes": ["3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04", "7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6", "b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2", "be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768", "c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b", "d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e"], "path": "%TEMP%\\tmp.tmp"}, {"hashes": ["635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb"], "path": "%System32%\\Tasks\\Chrome"}, {"hashes": ["635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1"], "path": "%TEMP%\\Chrome.exe"}, {"hashes": ["3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f", "fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e"], "path": "%TEMP%\\tmp9296.tmp.bat"}, {"hashes": ["e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb"], "path": "%APPDATA%\\chrome.exe"}, {"hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2"], "path": "%APPDATA%\\Microsoft.exe"}, {"hashes": 
["c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820"], "path": "%APPDATA%\\discord.exe"}, {"hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db"], "path": "%TEMP%\\tmp2054.tmp.bat"}, {"hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db"], "path": "%APPDATA%\\windows updater.exe"}, {"hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db"], "path": "%System32%\\Tasks\\windows updater"}, {"hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2"], "path": "%TEMP%\\tmpE91A.tmp.bat"}, {"hashes": ["7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04"], "path": "%TEMP%\\tmpE708.tmp.bat"}, {"hashes": ["7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04"], "path": "%APPDATA%\\Isabellamenu.exe"}, {"hashes": ["7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04"], "path": "%System32%\\Tasks\\Isabellamenu"}, {"hashes": ["fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e"], "path": "%TEMP%\\tmpD9A0.tmp.bat"}, {"hashes": ["fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e"], "path": "%APPDATA%\\spamSTRNG.exe"}, {"hashes": ["fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e"], "path": "%System32%\\Tasks\\spamSTRNG"}, {"hashes": ["be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768"], "path": "%TEMP%\\tmpDAB8.tmp.bat"}, {"hashes": ["be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768"], "path": "%APPDATA%\\granr.exe"}, {"hashes": ["be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768"], "path": "%System32%\\Tasks\\granr"}, {"hashes": ["635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1"], "path": "%TEMP%\\tmpE10F.tmp.bat"}, {"hashes": ["3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f"], "path": "%TEMP%\\tmpD25F.tmp.bat"}, {"hashes": ["3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f"], "path": 
"%APPDATA%\\windowhost.exe"}, {"hashes": ["3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f"], "path": "%System32%\\Tasks\\windowhost"}, {"hashes": ["e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb"], "path": "%TEMP%\\tmpEC55.tmp.bat"}, {"hashes": ["d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1"], "path": "%TEMP%\\tmpF386.tmp.bat"}, {"hashes": ["d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "path": "%TEMP%\\tmpDEBE.tmp.bat"}, {"hashes": ["d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "path": "%APPDATA%\\Windows stuff.exe"}, {"hashes": ["d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "path": "%System32%\\Tasks\\Windows stuff"}, {"hashes": ["7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "path": "%TEMP%\\tmp26F4.tmp.bat"}, {"hashes": ["7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "path": "%APPDATA%\\msn.exe"}, {"hashes": ["7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "path": "%System32%\\Tasks\\msn"}, {"hashes": ["c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820"], "path": "%TEMP%\\tmpE247.tmp.bat"}, {"hashes": ["c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820"], "path": "%System32%\\Tasks\\discord"}, {"hashes": ["635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1"], "path": "%TEMP%\\tmp3BD8.tmp.bat"}, {"hashes": ["7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "path": "%TEMP%\\tmpE0E5.tmp.bat"}, {"hashes": ["be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768"], "path": "%TEMP%\\tmpA0DE.tmp.bat"}, {"hashes": ["d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1"], "path": "%TEMP%\\tmp9BBE.tmp.bat"}, {"hashes": ["c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820"], "path": "%TEMP%\\tmp8392.tmp.bat"}, {"hashes": ["d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], 
"path": "%TEMP%\\tmp7D78.tmp.bat"}, {"hashes": ["e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb"], "path": "%TEMP%\\tmp81DD.tmp.bat"}], "ip": [{"hashes": ["635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1", "e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb"], "ip": "193[.]161[.]193[.]99"}, {"hashes": ["3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f"], "ip": "192[.]169[.]69[.]25"}, {"hashes": ["d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2"], "ip": "3[.]125[.]223[.]134"}, {"hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2"], "ip": "3[.]124[.]142[.]205"}, {"hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2"], "ip": "3[.]125[.]102[.]39"}, {"hashes": ["be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768"], "ip": "89[.]151[.]179[.]219"}, {"hashes": ["d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1"], "ip": "172[.]86[.]75[.]184"}, {"hashes": ["7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "ip": "190[.]96[.]9[.]250"}], "mutex": [{"hashes": ["43a2e6ac77d7abe026cf67a34f5d4554a91dd468ce2c49704c62e863e17743eb", "96a353ce7629e660fd9a2f338d93780bbd97d41ad97f6138656e5cbc04d0a8cb"], "name": "pqjesxbetoipuevrzns"}, {"hashes": ["d65a440cf4aa514549c170ab23a4dd10dd1cd10ffc463e4614a9e7907d5f52db"], "name": "jkkwscxyxgicsrajtct"}, {"hashes": ["b7827a3c564104b8f7554cd23eed39fa64fde30d7a214deabc0452bdaedbeac2"], "name": "gysgkglikgrljg"}, {"hashes": ["7717611ab94371aa922a4f43b4eee8281806e96db49343e7d01a10d96736fa04"], "name": "vfgergret34543gretgregegregre"}, {"hashes": 
["fff76a9025af33a54cfef80ff36c3c404a2a7651b0e87c0f8070667dd3d3e43e"], "name": "lmiaweiaeqbdx"}, {"hashes": ["be1a6ee20a575f37c4e088e2abd065e6442d7128957cf3c8b73669543609a768"], "name": "ykqyyitwabfdyas"}, {"hashes": ["635764fd5b8571b5062d8c3c6c65ab13bd79400e56a318b615d7309f8f08d3c1"], "name": "wughsbrcbs"}, {"hashes": ["3278f4bf51aae1514f016d4330d67b5b3604119ffe27e8f826741859a756945f"], "name": "rmyzowadprmodo"}, {"hashes": ["e10377d38b8109ab9d8e183d5a5454a40930e06f3d347040f4798caea735e9bb"], "name": "acakncjkxas"}, {"hashes": ["d18d5ddac89212055c40dec27fdcaca767fb4837be90b3083f010b967632c6a1"], "name": "3Tg$whNpq57"}, {"hashes": ["d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b"], "name": "khjzjmiphbahelzzxhz"}, {"hashes": ["7c819c2018cb3379e4d86fd484ed934b2e4a54ec0dde44672cddb3326d2839f6"], "name": "wsm"}, {"hashes": ["2999619e991cfe7e3bb4328a77af501f6e579cd1669f34a5205c29ffb2cbb4bd"], "name": "lwqtipbgnfjzskf"}, {"hashes": ["c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820"], "name": "pxcnhmkpvrbvb"}], "registry": []}, "reports_count": 15}, "Win.Trojan.Gamarue-9809766-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", 
"b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7b576f0975f65fde9ed902ae96649423bd158f4efc7b5624353953f8e78580a7", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "1699c2a2b4bf5f645ff10746a2fe9d8c372180b69c35cbc5d7c04dff2e974323", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "16d0f98d949e04a355180417be7f90d5afb50c883fa00de4e6aab33153bf773d", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", 
"b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7b576f0975f65fde9ed902ae96649423bd158f4efc7b5624353953f8e78580a7", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "1699c2a2b4bf5f645ff10746a2fe9d8c372180b69c35cbc5d7c04dff2e974323", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "16d0f98d949e04a355180417be7f90d5afb50c883fa00de4e6aab33153bf773d", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", 
"011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7b576f0975f65fde9ed902ae96649423bd158f4efc7b5624353953f8e78580a7", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "1699c2a2b4bf5f645ff10746a2fe9d8c372180b69c35cbc5d7c04dff2e974323", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "16d0f98d949e04a355180417be7f90d5afb50c883fa00de4e6aab33153bf773d", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", 
"d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7b576f0975f65fde9ed902ae96649423bd158f4efc7b5624353953f8e78580a7", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "1699c2a2b4bf5f645ff10746a2fe9d8c372180b69c35cbc5d7c04dff2e974323", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "16d0f98d949e04a355180417be7f90d5afb50c883fa00de4e6aab33153bf773d", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-shared", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", 
"6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7b576f0975f65fde9ed902ae96649423bd158f4efc7b5624353953f8e78580a7", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "1699c2a2b4bf5f645ff10746a2fe9d8c372180b69c35cbc5d7c04dff2e974323", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "16d0f98d949e04a355180417be7f90d5afb50c883fa00de4e6aab33153bf773d", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", 
"22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", 
"51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "malware-appwizard-packer-detected", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", 
"842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", 
"b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-modified", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": 
"network-fast-flux-nameserver", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], 
"mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "cmd-exe-file-execution", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "network-fast-flux-domain", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": []}, {"bi": 
"feed-domain-banking", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "dns-public-server-contacted", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "registry-hide-files", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1489"]}, {"bi": "registry-disablesuac", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "malware-chthonic-rat-detected", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", 
"842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-with-multiple-children", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-emotet-variant", "hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "mitre_attack_tags": []}, {"bi": "registry-modification-reg", "hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "network-snort-protocol", "hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], 
"mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "files-deleted-used-batch", "hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "modified-file-in-system-dir", "hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "startup-folder-modification", "hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "possible-dga-communication", "hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0011"]}, {"bi": "startup-folder-lnk-file", "hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "mitre_attack_tags": ["TA0005", "T1070"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Gamarue, also known as Andromeda, is a botnet used to spread malware, steal information and perform activities such as click fraud.", "hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "1699c2a2b4bf5f645ff10746a2fe9d8c372180b69c35cbc5d7c04dff2e974323", "16d0f98d949e04a355180417be7f90d5afb50c883fa00de4e6aab33153bf773d", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", 
"5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7b576f0975f65fde9ed902ae96649423bd158f4efc7b5624353953f8e78580a7", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "ee90f452559a1c19aa95ea203c27dfc1ea27cf26a9d7d78e0eb32c8a7e798e6d", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356"], "iocs": {"domain": [{"hashes": ["3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", 
"c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356"], "host": "m[.]googlex[.]me"}, {"hashes": ["3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356"], "host": "w[.]googlex[.]me"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "host": "bolte[.]pw"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "host": "ggell[.]pw"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "host": "xviesse[.]pw"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "kpxkubowvkllwf[.]cc"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "kqhmknyidxjuxx[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": 
"kwnyotlewqgwyl[.]cc"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "llswdkqmxgjcnu[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "lpblgqdmnjnjqa[.]net"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "lxybtvndxcfnbx[.]net"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "maxbyulweifvcy[.]net"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "mhaclspkylcgle[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "mpqjgedlgobigs[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "mvrayrcjuobjly[.]tw"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "obifmsurqodhbb[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "ongyichcmybdrb[.]cc"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "pktthwxaqvmktb[.]net"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "pmkgfsxvuqlovm[.]cc"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "qalhugqpkgbeyk[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "qglscxdeacnhnx[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "qjjvlpqqfmiixq[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "qojpalhvxdmrqn[.]tw"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "qpragpmmbglnkk[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "qudqihusnvymjx[.]cc"}, {"hashes": 
["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "qwxwrnaywfnxik[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "rgiqprygdlppfa[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "rpecjpsxdyllhi[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "rscehpunimlcyh[.]tw"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "rycyeilywxehjx[.]tw"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "sbjuihtdogpgjo[.]cc"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "sgwqnvhxxswyld[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "syiixapqvwunos[.]net"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "tircxhonrdfbcy[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "ujwputvbnknngy[.]tw"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "uqmaqbgcynuqwc[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "uxnljdjlqcmqwn[.]net"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "vkamvqtcyywcfc[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "vshsasecrdmdnq[.]cc"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "vtqffssxdlhjyu[.]cc"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "wkpilumywgjibr[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "wwpmabdwohqygy[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], 
"host": "xdnnesbuuhsume[.]tw"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "xoyjygtuxjwhcm[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "xsfadpbfxvshtu[.]cc"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "ycbhrdhhjysjfr[.]tw"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "ydqhchrhmkunwu[.]in"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "yhqbrvxuvsgsck[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "ysvxwqsvhxltmf[.]com"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "host": "yxclhrqmovhtrt[.]net"}], "file": [{"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "path": "%APPDATA%\\Identities\\owgkjfld.exe"}, {"hashes": ["b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "path": "%APPDATA%\\ms2591055.bat"}, {"hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "path": "%TEMP%\\~47CB20E3.tmp"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "path": "%TEMP%\\akk111eccc24757.bat"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\System Check.lnk"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "path": "%SystemRoot%\\SysWOW64\\GyPIRMM_pHDLqc.exe"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c"], "path": "%APPDATA%\\ms3735546.bat"}, {"hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "path": "%ProgramData%\\YanuGsewu\\OamaqEykot.rgz"}, {"hashes": 
["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "path": "%TEMP%\\~0002260C.tmp"}, {"hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "path": "%System32%\\config\\systemprofile\\AppData\\Local\\CrashDumps\\spoolsv.exe.1476.dmp"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "path": "%System32%\\GyPIRMM_pHDLqc.exe"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c"], "path": "%APPDATA%\\ms8483048.bat"}], "ip": [{"hashes": ["51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236"], "ip": "209[.]239[.]112[.]229"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "ip": "40[.]70[.]224[.]146"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "109[.]123[.]78[.]10"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "66[.]54[.]51[.]172"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "108[.]161[.]128[.]103"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "195[.]210[.]29[.]237"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "5[.]35[.]249[.]46"}, 
{"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "5[.]159[.]57[.]195"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "206[.]210[.]70[.]175"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "88[.]80[.]187[.]139"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "188[.]93[.]174[.]136"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "130[.]133[.]3[.]7"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "162[.]144[.]79[.]192"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "79[.]110[.]90[.]207"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "72[.]18[.]204[.]17"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "212[.]129[.]13[.]110"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "66[.]228[.]61[.]248"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "193[.]171[.]152[.]53"}, {"hashes": 
["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "129[.]187[.]254[.]237"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "178[.]248[.]200[.]118"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "133[.]242[.]19[.]182"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "195[.]154[.]243[.]237"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "80[.]237[.]133[.]77"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "158[.]255[.]238[.]163"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "91[.]198[.]174[.]192"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "46[.]105[.]236[.]18"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "205[.]186[.]139[.]105"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "72[.]10[.]49[.]117"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "133[.]242[.]54[.]221"}, {"hashes": 
["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "198[.]1[.]66[.]98"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "148[.]251[.]11[.]107"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "ip": "213[.]208[.]154[.]110"}, {"hashes": ["6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87"], "ip": "204[.]79[.]197[.]200"}], "mutex": [{"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", 
"c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356"], "name": "qazwsxedc"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "name": "rmf563576c"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "name": "cie0"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "name": "cme0"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "name": ""}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "name": "InstalledMutex"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "name": "v&xEiR43#$"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "name": "616403000000010001D6D313OKcOGFlpCvoEY"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "name": "0CC03AF50000048001D668C9OKcOGFlpCvoEY"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c"], "name": "rmf7348708"}], "registry": [{"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", 
"5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356"], "key": "\\SOFTWARE\\L\u0000O\u0000C\u0000A\u0000L\u0000 \u0000A\u0000P\u0000P\u0000W\u0000I\u0000Z\u0000A\u0000R\u0000D\u0000-\u0000I\u0000__CxxFrameHandleR\u0000", "value_name": null}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", 
"6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356"], "key": "\\SOFTWARE\\L\u0000O\u0000C\u0000A\u0000L\u0000 \u0000A\u0000P\u0000P\u0000W\u0000I\u0000Z\u0000A\u0000R\u0000D\u0000-\u0000I\u0000__CxxFrameHandleR\u0000\\LINEDRAW", "value_name": null}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", 
"842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", "935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356"], "key": "\\SOFTWARE\\L\u0000O\u0000C\u0000A\u0000L\u0000 \u0000A\u0000P\u0000P\u0000W\u0000I\u0000Z\u0000A\u0000R\u0000D\u0000-\u0000I\u0000__CxxFrameHandleR\u0000\\LINEDRAW\\RECENT FILE LIST", "value_name": null}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "22daa9c2625a897ecc2c7c44a1fdc803cd31fc657226ee59a979ff63c87435d7", "3bba0873c9073799c90d5d688b5e134d363fe7144d33ac1e4caf67000b8cb8d6", "4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88", "51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "681753ed0b405c635d6ccf2abfb76abb543467de5185546d28766d321e434f43", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "7db5ae0f1fabb2b231f63189ced5e9ac4948ecf0bac4187c0e3f07dc6c36c853", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "8e4ac877d3d9ee05c7fe74f5dcaaaebf040d36a0d5d9d03eb17c67b191316e42", 
"935c702a47820490d153f561a3c00bbec4313fbb9f42a08f14ee21cda0e06afd", "97a7775f7ac2cab570cf489787b3df280883e552b4dd157a30de03005c56f3c8", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754", "b04b37e08455b865970640e27d152e488c21c884d107db64c85078bd31112598", "b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90", "b7448cfff0c84067cf6df321b07758cf860b8c430b5a236c5559cd06aead156e", "b973fdc59f3e05c82eb6cec874cee7e6b8e7b0724519e05e7796174b67e2585a", "c0e4576d21f795d68d581160635c4a415a595689e930043a24e32976e530e470", "c7a40850e819f294e552934b1388265692c497ee8805153d630d8ee52dd29a5d", "c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236", "f5f0213eb64823daa2f78ac5198c2ad86c2db4c35f0f8723d4ecb0815a470356"], "key": "\\SOFTWARE\\L\u0000O\u0000C\u0000A\u0000L\u0000 \u0000A\u0000P\u0000P\u0000W\u0000I\u0000Z\u0000A\u0000R\u0000D\u0000-\u0000I\u0000__CxxFrameHandleR\u0000\\LINEDRAW\\SETTINGS", "value_name": null}, {"hashes": ["51777f5d039d22be89a4b1b97d188ce67e7494de5ecf9e70bd6859fd6d421800", "5f52a4e48eadb456a2dd706e890ba32a4e68f5878e58ebf4bd5ec0cfa04d4a32", "6a7cdd9cf6f68072082ab7f8edb5edb5477eb5d84b1b42f40564f361961aec87", "d3b56764ee6cffd9ade8d108c5281b3ae2c78259646a35365b7dcaa0eb374236"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{32382BC4-48A5-6DE8-F0EE-B8109DEC3228}"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", 
"99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Start"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": 
["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "2827271685"}, {"hashes": ["011c853d55681b6c66de4a6e236e877f70bf4281f99717904681c40e22bb5c80", "842d57b78a49aeb676ae3c77e6659289a2ee5f2cf92dd79ee4d806884b01b80c", "99ca0c57bb4b1437407c582ee811faa657fcf4049e5cee73a9477979aee6b754"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": 
["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "key": "\\SOFTWARE\\NETSCAPE\\5.0", "value_name": null}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "owgkjfld.exe"}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "key": "\\SOFTWARE\\NETSCAPE\\5.0\\F563576C", "value_name": null}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "key": "\\SOFTWARE\\NETSCAPE\\5.0\\F563576C\\QF563576C", "value_name": null}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "key": "\\SOFTWARE\\NETSCAPE\\5.0\\F563576C\\WF563576C", "value_name": null}, {"hashes": ["b613ef4484c38b8d6b0847236b31ce8d916125766d28d3275605fe4e2068ca4c", "b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90"], "key": "\\SOFTWARE\\NETSCAPE\\5.0\\F563576C\\EF563576C", "value_name": null}, {"hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "key": "\\SOFTWARE\\{5E7E456A-6307-417E-B4E0-105377612776}", "value_name": null}, {"hashes": ["4c4e8864dbf4cfc79f261adcb345375746bdfb3de6dc0ee76ed1018e5c542d88"], "key": "\\SOFTWARE\\{5E7E456A-6307-417E-B4E0-105377612776}", "value_name": "lkkehenfccnanlek"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fcHZqocstQIPbpAgJrcgXvgKSe"}, {"hashes": ["c82f7cf10f22a13cd3e09fa382200e795a956fb1aefb4ec08e6432b61209c3d4"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS 
NT\\CURRENTVERSION\\WINLOGON", "value_name": "SysDebug32"}]}, "reports_count": 27}, "exprev": [{"count": 2624, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 2566, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 1660, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1285, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 1243, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. 
This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 775, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 534, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 348, "description": "Smoke Loader has been detected. Smokeloader is used mainly to execute other malicious software, like ransomware or cryptocurrency miners. Its initial infection vector is usually an email with a malicious Microsoft Word document or delivered through an exploit kit. Smokeloader uses various plugins designed to steal data from its victims, particularly credentials stored on the system or transferred over HTTP, HTTPS, FTP, SMTP, POP3 or IMAP.", "name": "Smoke Loader detected"}, {"count": 301, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. 
It can detect and report the usage of monitoring software such as Wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 254, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}, {"count": 246, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 245, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 134, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 28, "description": "A malware dropper has been detected. A dropper will download or unpack additional malware during its execution. 
A variety of techniques can be employed for the payload to gain persistence and escalate privilege if necessary.", "name": "Malware dropper detected"}, {"count": 28, "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Bluestacks adware detected"}, {"count": 26, "description": "An exploit payload intended to connect back to an attacker-controlled host using TCP has been detected.", "name": "Reverse tcp payload detected"}, {"count": 19, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 10, "description": "An exploit payload intended to connect back to an attacker-controlled host using HTTP has been detected.", "name": "Reverse http payload detected"}, {"count": 10, "description": "Command line options indicating usage of XMRig Miner have been detected. Malware sometimes uses compromised hosts to mine for cryptocurrency on behalf of the attacker.", "name": "XMRig Miner Detected"}, {"count": 6, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. 
Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 6, "description": "DivX is a package of video codecs for playing video in a web browser or other video players. Most DivX installers (including signed installers downloaded from the DivX website) contain adware that is difficult or impossible to avoid installing along with DivX.", "name": "Divx adware detected"}, {"count": 5, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When it is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-12-18T14:06:56+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. 
For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Packed.Razy-9807129-0", "Win.Dropper.LokiBot-9810026-0", "Win.Packed.Dridex-9807477-1", "Win.Trojan.Gamarue-9809766-0", "Win.Dropper.TinyBanker-9805436-0", "Win.Dropper.Cerber-9805579-0", "Win.Malware.DarkComet-9805462-1", "Win.Packed.Phorpiex-9805496-0", "Win.Adware.Tovkater-9805523-0"]}