{"Win.Dropper.Cerber-9829555-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-visual-basic", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "compound-vb-self-delete", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "unsigned-roaming-execution", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-hollowing-detected", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "malware-ransomware-cerber", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "startup-folder-modification", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "startup-folder-lnk-file", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-taskkill", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "lnk-no-creation-date", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0002", "T1203"]}, {"bi": "registry-autorun-commandprocessor", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "screen-saver-modified", "hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns other file extensions are used.", "hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "iocs": {"domain": [{"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "host": "ipinfo[.]io"}], "file": [{"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}"}, {"hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\Magnify.lnk"}, {"hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\Magnify.exe"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\RMActivate_ssp.lnk"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\RMActivate_ssp.exe"}, {"hashes": ["214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\autoconv.lnk"}, {"hashes": ["214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\autoconv.exe"}, {"hashes": ["443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\forfiles.lnk"}, {"hashes": ["443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\forfiles.exe"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\perfmon.lnk"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\perfmon.exe"}, {"hashes": ["af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\wimserv.lnk"}, {"hashes": ["af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\wimserv.exe"}, {"hashes": ["cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\wuapp.lnk"}, {"hashes": ["cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\wuapp.exe"}, {"hashes": ["ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\choice.lnk"}, {"hashes": ["ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\choice.exe"}, {"hashes": ["7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\logman.lnk"}, {"hashes": ["7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\logman.exe"}, {"hashes": ["60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\LocationNotifications.lnk"}, {"hashes": ["60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\LocationNotifications.exe"}, {"hashes": ["99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\RunLegacyCPLElevated.lnk"}, {"hashes": ["99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\RunLegacyCPLElevated.exe"}, {"hashes": ["cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ucsvc.lnk"}, {"hashes": ["af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DevicePairingWizard.lnk"}, {"hashes": ["7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TCPSVCS.lnk"}, {"hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\mountvol.lnk"}, {"hashes": ["443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\LicensingUI.lnk"}, {"hashes": ["99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DeviceProperties.lnk"}, {"hashes": ["5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\fsavailux.lnk"}, {"hashes": ["bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\waitfor.lnk"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939"], "path": "%APPDATA%\\{887170FA-92BE-4CF1-DD8F-2216FA18A319}\\hostname.exe"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "path": "%APPDATA%\\{12B0E734-0A3F-E0CF-8C32-36DB672C6EB5}\\slserv.exe"}, {"hashes": ["214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9"], "path": "%APPDATA%\\{7BD8FF01-74DD-36BB-FD54-3909FE57EE35}\\rdsaddin.exe"}, {"hashes": ["443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "path": "%APPDATA%\\{1FD29803-983A-5E8B-DFC9-0238F95C1579}\\LicensingUI.exe"}, {"hashes": ["60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b"], "path": "%APPDATA%\\{FC1B3494-3F77-29A3-9778-078E9D1EE6BC}\\quser.exe"}, {"hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361"], "path": "%APPDATA%\\{B4B52DEA-25DB-CD0B-5A84-A94BFE483F2B}\\mountvol.exe"}, {"hashes": ["af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803"], "path": "%APPDATA%\\{FC1B3494-3F77-29A3-9778-078E9D1EE6BC}\\DevicePairingWizard.exe"}, {"hashes": ["ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DisplaySwitch.lnk"}, {"hashes": ["ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "path": "%APPDATA%\\{1A2959DB-492A-DF3B-3242-978A3C764D06}\\DisplaySwitch.exe"}, {"hashes": ["7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3"], "path": "%APPDATA%\\{440AA403-3E21-9EF5-2C3B-8480113CFD64}\\TCPSVCS.EXE"}, {"hashes": ["cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2"], "path": "%APPDATA%\\{456A0FD3-C341-B969-2C66-BCDD812A808A}\\ucsvc.exe"}, {"hashes": ["5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5"], "path": "%APPDATA%\\{456A0FD3-C341-B969-2C66-BCDD812A808A}\\fsavailux.exe"}, {"hashes": ["99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c"], "path": "%APPDATA%\\{09CF6125-06F6-A622-4469-8F7DE1839348}\\DeviceProperties.exe"}, {"hashes": ["bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e"], "path": "%APPDATA%\\{35591FDB-67CE-86E4-6E04-F25FCAEED454}\\waitfor.exe"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "path": "<dir>\\# DECRYPT MY FILES #.url"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "path": "<dir>\\# DECRYPT MY FILES #.vbs"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "path": "<dir>\\# DECRYPT MY FILES #.txt"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "path": "<dir>\\# DECRYPT MY FILES #.html"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "path": "<dir>\\<random, matching '[A-Za-z0-9]{10}'>.cerber (copy)"}], "ip": [{"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "ip": "85[.]93[.]0[.]0/18"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939"], "ip": "54[.]84[.]252[.]139"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "ip": "54[.]88[.]175[.]149"}, {"hashes": ["214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9"], "ip": "54[.]152[.]181[.]87"}], "mutex": [{"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939"], "name": "shell.{5B5347A7-9806-3802-3FD9-E106D6283088}"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "name": "shell.{1345752E-C9F9-31EC-E79C-CD6E126B4BFA}"}, {"hashes": ["214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9"], "name": "shell.{9258438A-63F4-77F6-F3A5-2AE433E0BFC4}"}], "registry": [{"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "Run"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\COMMAND PROCESSOR", "value_name": "AutoRun"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "key": "<HKCU>\\CONTROL PANEL\\DESKTOP", "value_name": "SCRNSAVE.EXE"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "key": "<HKCU>\\PRINTERS\\DEFAULTS\\{21A3D5EE-E123-244A-98A1-8E36C26EFF6D}", "value_name": null}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "key": "<HKCU>\\PRINTERS\\DEFAULTS", "value_name": null}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "key": "<HKCU>\\PRINTERS\\DEFAULTS\\{21A3D5EE-E123-244A-98A1-8E36C26EFF6D}", "value_name": "Component_01"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9", "443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172", "4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5", "60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b", "7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3", "99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c", "af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e", "c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d", "cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2", "ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "key": "<HKCU>\\PRINTERS\\DEFAULTS\\{21A3D5EE-E123-244A-98A1-8E36C26EFF6D}", "value_name": "Component_00"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "RMActivate_ssp"}, {"hashes": ["11752a59f3e0f1da8f0a5c10bc43ffe41f73ca471d04f2c0d1a4e90ce18d6939", "bb61c9e0cc44e8dcfa47d0faa8952edde8d03db24425b6d83350699340934b8e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "RMActivate_ssp"}, {"hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Magnify"}, {"hashes": ["4c4187c62b97c8c167289a5dec65796404bb1288ab24da252977788d718b3361", "5d2a9ba3a4504e95b684c941ef547076c9e5b0ba5f0bc483477eddd08fddbed5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Magnify"}, {"hashes": ["60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "LocationNotifications"}, {"hashes": ["60211e7c36b36ede1575be52c8b8de60612c81b68041a1b7d8ca976aa5df972b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "LocationNotifications"}, {"hashes": ["214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "autoconv"}, {"hashes": ["214f926be0c975825898f9733b0543555b17165f2ed76551c1f00877e8b22ff9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "autoconv"}, {"hashes": ["af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wimserv"}, {"hashes": ["af23f65f72785da1e976e097b74b4fba71c8d39fd532d104912eed424e513803"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wimserv"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "perfmon"}, {"hashes": ["c6232a10478b049445b26edd345ff71aee05f08b37f82c321163b66442f5472d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "perfmon"}, {"hashes": ["cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wuapp"}, {"hashes": ["cfd5b9fa22aa9919fcc00f1301c33ee1308ce2f813a69c720d55ca01e47971d2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wuapp"}, {"hashes": ["7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "logman"}, {"hashes": ["7c5441111edbff3e1e6db2b9730ec0f1fac10d9e3c136af69466f20ae485b2e3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "logman"}, {"hashes": ["443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "forfiles"}, {"hashes": ["443936e688d6ba85b3eb6f09906dbbf0743b71d7106ac1a60f46f2f9fb83a172"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "forfiles"}, {"hashes": ["99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "RunLegacyCPLElevated"}, {"hashes": ["99157487d7abea9e2e319db1981a0e2d17fc6d951ecbf71c238e591d4c93471c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "RunLegacyCPLElevated"}, {"hashes": ["ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "choice"}, {"hashes": ["ef7887c0fe669b1c455d45d4e27dd0a77ec8402f56819687d0497a1063fc2ace"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "choice"}]}, "reports_count": 13}, "Win.Dropper.DarkComet-9829678-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "783031a8d7e9d3b9c32b9827c2121d1da92e63a5fc99a089a6743c829be54855", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "783031a8d7e9d3b9c32b9827c2121d1da92e63a5fc99a089a6743c829be54855", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "783031a8d7e9d3b9c32b9827c2121d1da92e63a5fc99a089a6743c829be54855", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "783031a8d7e9d3b9c32b9827c2121d1da92e63a5fc99a089a6743c829be54855", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-dot-net", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "783031a8d7e9d3b9c32b9827c2121d1da92e63a5fc99a089a6743c829be54855", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "artifact-flagged-vm", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-tls-callback", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-darkcomet-detected", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "malware-adware-av", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-dns-category-dynamic", "hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": []}, {"bi": "windows-util-attrib-hide", "hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-attribute-modification", "hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "feed-domain-rat", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-sandbox", "hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "artifact-multiple-extensions", "hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-dns-safe-categories", "hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "disables-windows-firewall", "hashes": ["c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "excessive-process-creates", "hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "malware-svchost-misspell", "hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-certificate", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": []}, {"bi": "pe-subtype-com", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": []}, {"bi": "registered-com-server", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": ["TA0002"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "embedded-pe-resource2", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": []}, {"bi": "pe-vb-imports-toolhelp", "hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "disables-security-center-notifications", "hashes": ["8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "mitre_attack_tags": ["TA0005", "T1562"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.", "hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "783031a8d7e9d3b9c32b9827c2121d1da92e63a5fc99a089a6743c829be54855", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "iocs": {"domain": [{"hashes": ["52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630"], "host": "mrryy[.]duckdns[.]org"}, {"hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535"], "host": "rufleks[.]no-ip[.]org"}, {"hashes": ["8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "host": "darkcometxx[.]no-[.]p[.]org"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "host": "xdeniz059[.]duckdns[.]org"}, {"hashes": ["c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f"], "host": "cash894156[.]ddns[.]net"}], "file": [{"hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "path": "%LOCALAPPDATA%\\Microsoft\\CLR_v2.0_32\\UsageLogs\\<exe name>.log"}, {"hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "path": "%HOMEPATH%\\Documents\\DCSCMIN"}, {"hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "path": "%HOMEPATH%\\Documents\\DCSCMIN\\IMDCSC.exe"}, {"hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535"], "path": "%HOMEPATH%\\Documents\\MSDCSC"}, {"hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535"], "path": "%HOMEPATH%\\Documents\\MSDCSC\\msdcsc.exe"}, {"hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7"], "path": "%HOMEPATH%\\Documents\\server.exe"}, {"hashes": ["52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630"], "path": "%SystemRoot%\\MSDCSC"}, {"hashes": ["52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630"], "path": "%SystemRoot%\\MSDCSC\\msdcsc.exe"}, {"hashes": ["c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980"], "path": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.exe"}, {"hashes": ["c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f"], "path": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\MSDCSC"}, {"hashes": ["c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f"], "path": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\MSDCSC\\msdcsc.exe"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "path": "%SystemRoot%\\SysWOW64\\MSWINSCK.OCX"}, {"hashes": ["771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a"], "path": "%SystemRoot%\\SysWOW64\\DCSCMIN"}, {"hashes": ["771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a"], "path": "%SystemRoot%\\SysWOW64\\DCSCMIN\\IMDCSC.exe"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "path": "%APPDATA%\\msdcsc.exe"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "path": "%System32%\\MSWINSCK.OCX"}, {"hashes": ["771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a"], "path": "%System32%\\DCSCMIN\\IMDCSC.exe"}, {"hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850"], "path": "%TEMP%\\Windupdt"}, {"hashes": ["5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512"], "path": "%HOMEPATH%\\Documents\\00.exe"}, {"hashes": ["720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a"], "path": "%HOMEPATH%\\Documents\\\u00f6\u00f6\u00f6\u00f6.exe"}, {"hashes": ["52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6"], "path": "%HOMEPATH%\\Documents\\aaaaa.exe"}, {"hashes": ["83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630"], "path": "%HOMEPATH%\\Documents\\aaaaaaaaa.exe"}, {"hashes": ["8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe"], "path": "%HOMEPATH%\\Documents\\server2.exe"}, {"hashes": ["853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0"], "path": "%HOMEPATH%\\Documents\\as.exe"}, {"hashes": ["c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980"], "path": "%HOMEPATH%\\Documents\\server.exe.exe"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "path": "%SystemRoot%\\SysWOW64\\svchosts"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "path": "%SystemRoot%\\SysWOW64\\svchosts\\svchosts.exe"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "path": "%HOMEPATH%\\Documents\\denek.exe"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "path": "%SystemRoot%\\SysWOW64\\svchosts\\QhAiwCLhex3L"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "path": "%SystemRoot%\\SysWOW64\\svchosts\\QhAiwCLhex3L\\svchosts.exe"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "path": "%SystemRoot%\\SysWOW64\\svchosts\\QhAiwCLhex3L\\QhAiwCLhex3L"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "path": "%SystemRoot%\\SysWOW64\\svchosts\\QhAiwCLhex3L\\QhAiwCLhex3L\\svchosts.exe"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "path": "%TEMP%\\-"}, {"hashes": ["f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "path": "%HOMEPATH%\\Documents\\se.exe"}, {"hashes": ["d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535"], "path": "%HOMEPATH%\\Documents\\dosya.exe"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "path": "%HOMEPATH%\\Documents\\sadasdasd.exe"}, {"hashes": ["c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f"], "path": "%HOMEPATH%\\Documents\\ee2.exe"}, {"hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850"], "path": "%HOMEPATH%\\Documents\\ nfo.docu.exe"}, {"hashes": ["720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a"], "path": "%HOMEPATH%\\Documents\\    .exe"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "path": "%System32%\\svchosts\\svchosts.exe"}], "ip": [{"hashes": ["934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7"], "ip": "178[.]54[.]8[.]136"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "ip": "188[.]119[.]1[.]248"}], "mutex": [{"hashes": ["52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535"], "name": "DC_MUTEX-<random, matching [A-Z0-9]{7}>"}, {"hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "name": "DCMIN_MUTEX-<random, matching [A-Z0-9]{7}>"}, {"hashes": ["52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7"], "name": "DCPERSFWBP"}, {"hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850"], "name": "Global\\24e4c1a1-6745-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["1daf2746645dcab7ea4ec4e75a9ac52c0722522b80c701691a12d2882d739a51", "47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850", "52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "5e371cd3f7fab8a9e095cfca5d22b01330109d22244cbadd2a4c800963769512", "720c7086ec84b14499b6b0803c841c59e56f4b17f566afa633b68c155871f05a", "771d51caabb75872ef9af76b2ba90693404f217a86885c82365b4b0f054db71a", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "934936ac5b2cf33bb1cfcf6a750094beb7015119608a454d99ca8324669e9ec7", "c4b6a21f07d4f5bafaea1238efcdd6da1783631407e612b2f598727cf69c5980", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535", "f4202295bc667e7b2d086747892bcefc5c5dc65692d769d1b1aa7cf6a112ef41"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["52e6ad0b9fa496b52e9e1365d2208e7c60614ee0b4b231b4159d9218c3607ce6", "83d6c112004f89884e05919f941ca3a5f3a918f4bde181bed477f659a275e630", "853fe6dcbc1947060a26cfee85e433f0af72157f0e56672671f6f0bb9edb22c0", "8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea", "d4f8550b614995e44044bd2b83f4955bd60b9ec5ff4d7bfc3e0af4e04bbee535"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MicroUpdate"}, {"hashes": ["8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f", "c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": null}, {"hashes": ["8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["8f6cdb7c77903c36b0710a606cc71af7bf28b7bbc6f45e0d9467925c25e41afe", "c72000deaafee8b3a26c31808316ecae94e429ff5d5b4334379adb1f91365c5f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["47f31e2c01e3608564d18be81c165583fec2e775ffbb913ca0bc31e5265fd850"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "winupdater"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}", "value_name": ""}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSWINSOCK.WINSOCK", "value_name": ""}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSWINSOCK.WINSOCK\\CLSID", "value_name": ""}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSWINSOCK.WINSOCK\\CURVER", "value_name": ""}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSWINSOCK.WINSOCK.1", "value_name": ""}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSWINSOCK.WINSOCK.1\\CLSID", "value_name": ""}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\TYPELIB", "value_name": ""}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\INPROCSERVER32", "value_name": ""}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\\INPROCSERVER32", "value_name": ""}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:59:57 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 6:00:04 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 6:00:11 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 6:00:19 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 6:00:26 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 6:00:34 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:58:55 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:59:01 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:59:08 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:59:14 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:59:21 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:59:29 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:59:36 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:59:43 PM"}, {"hashes": ["c76017b1ec2b90bdc6d3a6fd8e34b8c948dc2c103fe40c5ef690a3ebf14c2cea"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": "2/4/2021 at 5:59:50 PM"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Google Update"}, {"hashes": ["d48cd3dc1e4203c1af41580fa1575f4e478a6947b75ac92271c9cb24481dcb40"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Google Update"}]}, "reports_count": 17}, "Win.Dropper.Emotet-9829584-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "hook-installed", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "deleted-submitted-file", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "malware-emotet-service-detected", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "mitre_attack_tags": []}, {"bi": "potential-registry-script-execution", "hashes": ["7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa"], "iocs": {"domain": [], "file": [{"hashes": ["0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5"], "path": "%SystemRoot%\\SysWOW64\\ieUnatt"}, {"hashes": ["3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a"], "path": "%SystemRoot%\\SysWOW64\\adsldp"}, {"hashes": ["b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125"], "path": "%SystemRoot%\\SysWOW64\\l2gpstore"}, {"hashes": ["b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3"], "path": "%SystemRoot%\\SysWOW64\\pngfilt"}, {"hashes": ["974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413"], "path": "%SystemRoot%\\SysWOW64\\comsnap"}, {"hashes": ["560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18"], "path": "%SystemRoot%\\SysWOW64\\NlsLexicons0039"}, {"hashes": ["5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3"], "path": "%SystemRoot%\\SysWOW64\\itircl"}, {"hashes": ["7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565"], "path": "%SystemRoot%\\SysWOW64\\NlsModels0011"}, {"hashes": ["b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28"], "path": "%SystemRoot%\\SysWOW64\\adsldpc"}, {"hashes": ["cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1"], "path": "%SystemRoot%\\SysWOW64\\ntdll"}, {"hashes": ["0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f"], "path": "%SystemRoot%\\SysWOW64\\PortableDeviceStatus"}, {"hashes": ["084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a"], "path": "%SystemRoot%\\SysWOW64\\shsetup"}, {"hashes": ["dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8"], "path": "%SystemRoot%\\SysWOW64\\msimtf"}, {"hashes": ["5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0"], "path": "%SystemRoot%\\SysWOW64\\KBDBHC"}, {"hashes": ["0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb"], "path": "%SystemRoot%\\SysWOW64\\wmvdspa"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "path": "%SystemRoot%\\SysWOW64\\KBDMLT47"}, {"hashes": ["c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c"], "path": "%SystemRoot%\\SysWOW64\\credwiz"}, {"hashes": ["93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de"], "path": "%SystemRoot%\\SysWOW64\\mscms"}, {"hashes": ["d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62"], "path": "%SystemRoot%\\SysWOW64\\msvcp140"}, {"hashes": ["b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6"], "path": "%SystemRoot%\\SysWOW64\\autofmt"}, {"hashes": ["25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6"], "path": "%SystemRoot%\\SysWOW64\\mstask"}, {"hashes": ["1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e"], "path": "%SystemRoot%\\SysWOW64\\KBDARMW"}, {"hashes": ["7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "path": "%SystemRoot%\\SysWOW64\\clusapi"}, {"hashes": ["583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6"], "path": "%SystemRoot%\\SysWOW64\\WINSRPC"}, {"hashes": ["e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065"], "path": "%SystemRoot%\\SysWOW64\\ir41_qc"}, {"hashes": ["c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "path": "%SystemRoot%\\SysWOW64\\cryptbase"}, {"hashes": ["fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa"], "path": "%SystemRoot%\\SysWOW64\\ws2help"}, {"hashes": ["242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a"], "path": "%SystemRoot%\\SysWOW64\\sqlceoledb30"}, {"hashes": ["974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413"], "path": "%System32%\\msvidc32\\MsRdpWebAccess.exe (copy)"}, {"hashes": ["1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854"], "path": "%SystemRoot%\\SysWOW64\\msimg32"}, {"hashes": ["7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "path": "%System32%\\dswave\\KBDNEPR.exe (copy)"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "path": "%System32%\\Windows.Internal.Bluetooth\\COLORCNV.exe (copy)"}, {"hashes": ["1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854"], "path": "%System32%\\defragres\\SystemSettingsBroker.exe (copy)"}, {"hashes": ["0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f"], "path": "%System32%\\devobj\\msi.exe (copy)"}, {"hashes": ["b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3"], "path": "%System32%\\wmdrmnet\\schedcli.exe (copy)"}, {"hashes": ["826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873"], "path": "%System32%\\stobject\\avicap32.exe (copy)"}, {"hashes": ["1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854"], "path": "%System32%\\defragres\\KBDMACST2.exe"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "path": "%System32%\\Windows.Internal.Bluetooth\\WUDFCoinstaller2.exe"}, {"hashes": ["583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6"], "path": "%System32%\\VmApplicationHealthMonitorProxy\\fveui2.exe"}, {"hashes": ["583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6"], "path": "%System32%\\VmApplicationHealthMonitorProxy\\radarrs.exe (copy)"}, {"hashes": ["5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3"], "path": "%System32%\\WinFax\\cttune2.exe"}, {"hashes": ["5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3"], "path": "%System32%\\WinFax\\ndadmin.exe (copy)"}, {"hashes": ["5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0"], "path": "%System32%\\IDStore\\VmApplicationHealthMonitorProxy.exe (copy)"}, {"hashes": ["5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0"], "path": "%System32%\\IDStore\\msacm2.exe"}, {"hashes": ["76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64"], "path": "%System32%\\wsock32\\ustprov2.exe"}, {"hashes": ["76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64"], "path": "%System32%\\wsock32\\w32time.exe (copy)"}, {"hashes": ["7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "path": "%System32%\\dswave\\bthserv2.exe"}], "ip": [{"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060"], "ip": "185[.]201[.]9[.]197"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060"], "ip": "152[.]170[.]205[.]73"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d", "0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d", "826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873", "93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de", "a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327", "b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28", "b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a", "b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6", "c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c", "d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62", "d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53", "dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8", "e7e4143c50c7ae57b48262a9a335d64323ec44dc072db95896abfe938826a065", "eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060"], "ip": "47[.]146[.]39[.]147"}, {"hashes": ["084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa"], "ip": "200[.]24[.]255[.]23"}, {"hashes": ["084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa"], "ip": "79[.]183[.]194[.]197"}, {"hashes": ["084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa"], "ip": "111[.]67[.]12[.]222"}, {"hashes": ["084801c4cf563b73356ce3cf7cecf363e14aa6b826799d45793b8b4d55f7077a", "0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f", "0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb", "1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "3811c126dcbe238b1bef70d4856cc827b481ef17d95d25f0a106b153c8d5c99a", "3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a", "90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5", "974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413", "b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125", "b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3", "cc77bb3d28fc526988de902222025de6e746a02c95954e82171840d0f301a5c1", "dc0e76d60c0f1f9d49ae74e4e9fc1dd9666942a095f7a3e4b13d4bb7de4efacd", "fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa"], "ip": "167[.]86[.]68[.]49"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "ip": "139[.]59[.]60[.]244"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5c812dc477901cc1d99de009c9a0f19e176a3743066b0c102e12a11df3161ce3", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "76f32c8ece5ec2367e13be3a0c88ec139af61fe10e3f5184da613eac66e41f64", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "ip": "80[.]158[.]59[.]174"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0", "7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "ip": "85[.]105[.]111[.]166"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d", "1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0"], "ip": "51[.]89[.]36[.]180"}, {"hashes": ["1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0"], "ip": "64[.]207[.]182[.]168"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d"], "ip": "80[.]249[.]176[.]206"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d"], "ip": "5[.]196[.]35[.]138"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d"], "ip": "59[.]148[.]253[.]194"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d"], "ip": "94[.]23[.]62[.]116"}, {"hashes": ["c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "ip": "45[.]230[.]45[.]171"}, {"hashes": ["c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "ip": "178[.]62[.]254[.]156"}, {"hashes": ["c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "ip": "203[.]160[.]167[.]243"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d"], "ip": "191[.]223[.]36[.]170"}], "mutex": [], "registry": [{"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["1629684677833e5b481244822e2196212fa296254342678cbf7d130d9c587b8d", "242a2851aeea677baafa89354920d434016f9b1de6674afffb756882b9157b2a", "25911a0992f247379adcf16ec16f4439efdaf9963ddf0e5fa482324f8ba28cc6", "5659a2e8e8e255fbd20dd07045407731b8a6ef8a21bb90e9eedd5aa026d4c809", "583fa234b4d127b9ca8f1997b331a5b36baa7b96c16fe8a968c7f8bea0ea98b6", "7350074560e1a7f5b28694d3fde012cc29f4e95f8c70e8007ff91fd9f57c4565", "c9724cec421f9ab131d9a8fa0f82b8d471379a99ea9db4dbe860e4314fd42633"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TLSCSP", "value_name": "ImagePath"}, {"hashes": ["eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DEVICEUXRES", "value_name": "ImagePath"}, {"hashes": ["72701410ad09a499df8de99e8df448b1b7259970948b5752419720fc834e937f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TDH", "value_name": "ImagePath"}, {"hashes": ["fe8298562bb1062f2cef62980b01159b71308ca03c923ca241c483f01ec83efa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TLSCSP", "value_name": "Description"}, {"hashes": ["b0f574cfb2e337d638fd567e006886ecfc01de0ee7d0ab03d4c3bebd558ef125"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SC", "value_name": "ImagePath"}, {"hashes": ["1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ACLEDIT", "value_name": "ImagePath"}, {"hashes": ["0f960b14d165e669049b66067eb8a80e6a871accd242e573be6ad59a6e302dfb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GPAPI", "value_name": "Description"}, {"hashes": ["560feb54dc61956c26405f1bc0ead724fe7dbcfe310b0af41ac67edcbe3cdb18"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PROPSYS", "value_name": "Description"}, {"hashes": ["a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100ESN", "value_name": "Description"}, {"hashes": ["d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFPMP", "value_name": "ImagePath"}, {"hashes": ["d614aba134270161b882603d24630901d9010c26a3169a0f644dc19fdf859d53"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFPMP", "value_name": "Description"}, {"hashes": ["d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CAPIPROVIDER", "value_name": "Description"}, {"hashes": ["5e8690ffefbe44825b5678a7470c0398edec57630635ca6837d379a8361b2bd0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RASSER", "value_name": "Description"}, {"hashes": ["0d078ce4887d839c76f270e301e9dad954c29c615bf6c81db560065e1e255d1f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SFC", "value_name": "Description"}, {"hashes": ["3bd11c28decda8215865a98c9dd247c6717abbfe959b3bbc9739424dc730feaf"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSR", "value_name": "ImagePath"}, {"hashes": ["8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MCICDA", "value_name": "ImagePath"}, {"hashes": ["8bd4635d80e960c5178c5b57bb65ac9bfce5799efe0567208b7856ebd07b9e7a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MCICDA", "value_name": "Description"}, {"hashes": ["974a678308a419d031feca47605d313edd0c3a65e1a20b192c7584e254a00413"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDAL", "value_name": "Description"}, {"hashes": ["90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NDFHCDISCOVERY", "value_name": "ImagePath"}, {"hashes": ["90345fe3aae82209d6a2a556ef7b0dfc9791134c63893427e177dfd180895af5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NDFHCDISCOVERY", "value_name": "Description"}, {"hashes": ["1d2aa6789f146f3b4ec09ab98b1914b0f1e143ea0af2eea753eb6f90388ec17e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ACLEDIT", "value_name": "Description"}, {"hashes": ["b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IASSDO", "value_name": "ImagePath"}, {"hashes": ["b515735c1032b896286b805b3f0a56ad83d66714c015e512c30e000a2d03ffd3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IASSDO", "value_name": "Description"}, {"hashes": ["094767acb2708b323a03f42ea6b358ee1c1bd030505b92f3e6e1db08efb4bc9d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RMACTIVATE_SSP_ISV", "value_name": "Description"}, {"hashes": ["1d46cfee2462b31e7bbfad58ea780e09a38e700310ec1cf74bf9355c37103854"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSYNCPROVIDERS", "value_name": "Description"}, {"hashes": ["826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSMPEG2ENC", "value_name": "ImagePath"}, {"hashes": ["7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "ImagePath"}, {"hashes": ["826abb7232a1ea3ec121831fc37a04ae3df4ee28d30a1929c50b6ec11f528873"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSMPEG2ENC", "value_name": "Description"}, {"hashes": ["7f225129cab2e7bc786467e7df6cd8d957d659b120edce47c4e7c7a271665a8d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\JSCRIPT", "value_name": "Description"}, {"hashes": ["a1d4d68ef9b035a9aab2961d143853ee42ea4f6beebc38cab7c011e872f3e327"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MFC100ESN", "value_name": "ImagePath"}, {"hashes": ["b5e685df126b92a14c8ee400db179d4dfe468ca44acf70cafadcbd9cf9e28dd6"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-SYNCH-L1-2-0", "value_name": "ImagePath"}, {"hashes": ["eac68d2e4845bf57515d95d78c3f275f93358ea0b9f56794a4e15c7f19b3c060"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DEVICEUXRES", "value_name": "Description"}, {"hashes": ["0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MCBUILDER", "value_name": "ImagePath"}, {"hashes": ["0a4bb6ea70ba3ba6c5fd41e585678163fe523ff82ef6b4b4d136e65d2e21727f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MCBUILDER", "value_name": "Description"}, {"hashes": ["b150069c817d9ebccd37871c0e950f4de4fbf57de7fd2fce7e8d7bad79e1ef28"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RASPPP", "value_name": "Description"}, {"hashes": ["d005af54d6d3ee4419be7f97b04f24ccf8e662506b305f28de72975ce8d90d62"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CAPIPROVIDER", "value_name": "ImagePath"}, {"hashes": ["c22554afd41c5a8dd43f7fa33274fb2ee104d5078097f5872cfe5936162a229c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WHOAMI", "value_name": "Description"}, {"hashes": ["b33a6728ab55f1324989be01753ea744c386a12b2d7ed02ca355c402ef2cf78a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OLE32", "value_name": "ImagePath"}, {"hashes": ["dbd4d22f6e11333643bc0d8983992398098a202b83c2dbef6dcb6ff9b58428d8"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSYNC", "value_name": "ImagePath"}, {"hashes": ["93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DSOUND", "value_name": "ImagePath"}, {"hashes": ["93c58cd40261a3015bda9dfb65af5ad115e553ac8ebd76e287d5078ea06602de"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DSOUND", "value_name": "Description"}]}, "reports_count": 42}, "Win.Dropper.HawkEye-9829906-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "0efa1987ea81b609603370f16303c9432a17389a6ae6ad35f39db8155492cefe"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "0efa1987ea81b609603370f16303c9432a17389a6ae6ad35f39db8155492cefe"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "0efa1987ea81b609603370f16303c9432a17389a6ae6ad35f39db8155492cefe"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "0efa1987ea81b609603370f16303c9432a17389a6ae6ad35f39db8155492cefe"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "0efa1987ea81b609603370f16303c9432a17389a6ae6ad35f39db8155492cefe"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "0efa1987ea81b609603370f16303c9432a17389a6ae6ad35f39db8155492cefe"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "0efa1987ea81b609603370f16303c9432a17389a6ae6ad35f39db8155492cefe"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "0efa1987ea81b609603370f16303c9432a17389a6ae6ad35f39db8155492cefe"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "enumeration-email-program-information", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "modified-executable", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-http-blank-user-agent", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "compiler-vbc-run", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-hawkeye-detected", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "process-check-windows-live-mail-appdata-folder", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "process-check-opera-appdata-folder", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-generic-infostealer", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "network-communications-smtp", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "compound-vb-self-delete", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0005"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "registry-autorun-key-modified", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-snort-protocol", "hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83"], "mitre_attack_tags": []}, {"bi": "malware-trojan-coinminer-detected", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-malware", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654"], "mitre_attack_tags": []}, {"bi": "cryptonight-library-detected", "hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "potential-registry-persistence", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "potential-registry-script-execution", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": []}, {"bi": "registry-modification-reg", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "command-deleted-shadow-copy", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": []}, {"bi": "wmic-shadowcopy-delete", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-mshta-cmdline-script", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0005", "T1218"]}, {"bi": "bcdedit-disable-recovery", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "wbadmin-file-deletion-detected", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0040", "T1485"]}, {"bi": "bcdedit-ignore-failure", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "pe-imports-virtual-disk-api-dll", "hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-filename-mismatch", "hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "vbs-creates-and-runs", "hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-windows-script-launched", "hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.", "hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "0efa1987ea81b609603370f16303c9432a17389a6ae6ad35f39db8155492cefe", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "iocs": {"domain": [{"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "host": "whatismyipaddress[.]com"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "host": "smtp[.]yandex[.]com"}, {"hashes": ["381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc"], "host": "smtp[.]zoho[.]com"}, {"hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a"], "host": "smtp[.]mail[.]ru"}, {"hashes": ["313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578"], "host": "smtp[.]gmail[.]com"}, {"hashes": ["49e0b254917c1518a0854f3529590b6115f88f0725cb33467419578e47e2a654"], "host": "help[.]nominergate[.]gdn"}, {"hashes": ["7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc"], "host": "smtp[.]mayadizeyn[.]com"}], "file": [{"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "\\Sys.exe"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "\\autorun.inf"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "%TEMP%\\SysInfo.txt"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "%APPDATA%\\Windows Update.exe"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "E:\\Sys.exe"}, {"hashes": ["7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "path": "E:\\autorun.inf"}, {"hashes": ["381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc"], "path": "%APPDATA%\\WindowsUpdate.exe"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Links for United States\\GobiernoUSA.gov.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Links for United States\\USA.gov.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Links\\Suggested Sites.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Links\\Web Slice Gallery.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\MSN Websites\\MSN Autos.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\MSN Websites\\MSN Entertainment.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\MSN Websites\\MSN Money.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\MSN Websites\\MSN Sports.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\MSN Websites\\MSN.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\MSN Websites\\MSNBC News.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Microsoft Websites\\IE Add-on site.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Microsoft Websites\\Microsoft At Home.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Microsoft Websites\\Microsoft At Work.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Microsoft Websites\\Microsoft Store.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Windows Live\\Get Windows Live.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Windows Live\\Windows Live Gallery.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Windows Live\\Windows Live Mail.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%HOMEPATH%\\Favorites\\Windows Live\\Windows Live Spaces.url"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "."}, {"hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "path": "%TEMP%\\subfolder"}, {"hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "path": "%TEMP%\\subfolder\\fname.scr"}, {"hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "path": "%TEMP%\\subfolder\\fname.vbs"}, {"hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "path": "%TEMP%\\_outputC155BBF.scr"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "%APPDATA%\\osk.exe"}, {"hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "path": "%TEMP%\\subfolder\\foldname.scr"}, {"hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "path": "%TEMP%\\subfolder\\foldname.vbs"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "path": "<dir>\\HOW TO RECOVER ENCRYPTED FILES.TXT"}], "ip": [{"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "ip": "104[.]16[.]154[.]36"}, {"hashes": ["313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37"], "ip": "104[.]16[.]155[.]36"}, {"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "ip": "77[.]88[.]21[.]158"}, {"hashes": ["381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc"], "ip": "136[.]143[.]190[.]56"}, {"hashes": ["313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578"], "ip": "173[.]194[.]66[.]108"}, {"hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a"], "ip": "217[.]69[.]139[.]160"}, {"hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a"], "ip": "104[.]16[.]19[.]94"}, {"hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a"], "ip": "104[.]26[.]4[.]30"}, {"hashes": ["a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a"], "ip": "172[.]67[.]74[.]163"}], "mutex": [{"hashes": ["313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578"], "name": "Global\\784d0b20-675b-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83"], "name": "Global\\73780b41-675b-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "name": "uAcbxOPhOIDLSdW"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "name": "{84CAD4E6-93DA-46E4-8B81-9377B2B2ACB0}"}, {"hashes": ["44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57"], "name": "Global\\64533681-675b-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["0cc60a001470ecabe85754beef0d07b78de1641c51c3a03d65942f7cc891a501", "313c12302aac0dce682c608bbb87a98efb585426990eddab37e62a929ea44578", "381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "7cac741b38d55555e63146cffa0c956f0f165eb93c1cd5c253c0de50b80362bc", "7de1810e9c0d7564931512e160ec1062bf90aa0a98b6d0a5c0eac1c5236f3b01", "a3236e4c3f0ac23b292f0cceeb913b661450d7c536ef3f020c73ff6730e5cd3a", "afda91d465139982f8514db180b72f43d716ac44d7740562b9ad243754ccc2e3", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc", "c2ecaeab377bd2f93c99d27bd1da11c6897312749bc776366f69955355f2e884", "d0b64ff06449f7fac769b89927ee07af5e08293f97b4313a993d475efef93d37", "e8e395b302dac690def9b44f64ca83ef9948255a86331f17fe7a9e28754efc39"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["381c0a759f77e6d6b710763f119c4baf8dd17770da0459596194b0db024d25e5", "44442d389918ebef5f69c3634971264ad26ff76a0097aee8731edde514ab5f57", "70856dcd88760e632c1179f1a8c6707706c99aaf89c0e68ba91590be17f6da83", "be1e3e037b53b4f9c853d37cf2a79d8fa89179725a46be354255bc1602f359dc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}, {"hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "foldname"}, {"hashes": ["b4046a54de2f089e8172bb52c101240c9f490614c1e1c320372172d3924c2cb0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "fname"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "key": "<HKCU>\\SOFTWARE\\ZUNIX", "value_name": null}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "key": "<HKCU>\\SOFTWARE\\UACBXOPHOIDLSDW", "value_name": null}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "key": "<HKCU>\\SOFTWARE\\ZUNIX", "value_name": "LCTVY"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "key": "<HKCU>\\SOFTWARE\\UACBXOPHOIDLSDW", "value_name": "temp"}, {"hashes": ["d6c6148d576f451d9c6ecba42e300fe1d4f7e3e65fd1c8f1b2ef48faa9af434c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "uAcbxOPhOIDLSdW"}]}, "reports_count": 17}, "Win.Dropper.Kovter-9829554-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "wmi-process-create", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "TA0002", "T1218", "T1047"]}, {"bi": "process-long-cmdline", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-script-execution", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "powershell-invoke-expression-environment", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": []}, {"bi": "powershell-invoke-expression", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "process-hollowing-detected", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "pe-certificate", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": []}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-invalid-certificate-signature", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "process-check-virtualbox", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-kovter-registry", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "registry-script-detected", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "TA0002", "T1112", "T1059"]}, {"bi": "process-mshta-cmdline-script", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1218"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "mshta-in-registry", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0005", "T1112", "T1218"]}, {"bi": "network-file-uploaded", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-numeric-ip", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-private-ip-address", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "http-response-client-error", "hashes": ["41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b"], "mitre_attack_tags": []}, {"bi": "url-forced-download-save-only", "hashes": ["41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d"], "mitre_attack_tags": []}, {"bi": "html-phishing-page", "hashes": ["c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88"], "mitre_attack_tags": ["TA0001", "TA0005", "TA0003", "TA0004", "T1189", "T1078"]}, {"bi": "html-email-login-page", "hashes": ["c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88"], "mitre_attack_tags": ["TA0007", "T1087"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.", "hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "iocs": {"domain": [{"hashes": ["6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88"], "host": "www[.]w3[.]org"}, {"hashes": ["754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "host": "go[.]microsoft[.]com"}, {"hashes": ["424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d"], "host": "www[.]100ganghuo[.]com"}], "file": [], "ip": [{"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "114[.]253[.]167[.]207"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "38[.]64[.]142[.]137"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "157[.]129[.]245[.]85"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "148[.]218[.]2[.]235"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "83[.]233[.]141[.]85"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "156[.]237[.]168[.]81"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "137[.]139[.]141[.]180"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "36[.]91[.]156[.]204"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "49[.]242[.]37[.]128"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "97[.]161[.]47[.]193"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "211[.]62[.]88[.]97"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "69[.]37[.]3[.]253"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "73[.]9[.]44[.]127"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "64[.]28[.]195[.]232"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "38[.]110[.]242[.]41"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "125[.]106[.]92[.]235"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "190[.]73[.]223[.]245"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "212[.]127[.]237[.]69"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "201[.]43[.]80[.]167"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "116[.]2[.]194[.]220"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "95[.]221[.]239[.]232"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "32[.]202[.]176[.]158"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "64[.]175[.]6[.]138"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "208[.]86[.]43[.]69"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "61[.]127[.]79[.]50"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "223[.]59[.]95[.]59"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "211[.]159[.]92[.]227"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "101[.]225[.]223[.]103"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "197[.]189[.]68[.]176"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "186[.]97[.]154[.]232"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "201[.]191[.]184[.]106"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "104[.]89[.]119[.]21"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "113[.]187[.]84[.]14"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "223[.]25[.]229[.]177"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "153[.]4[.]27[.]183"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "178[.]177[.]162[.]91"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "130[.]107[.]245[.]172"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "6[.]60[.]215[.]245"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "43[.]105[.]193[.]8"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "203[.]154[.]32[.]36"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "65[.]122[.]116[.]209"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "219[.]238[.]184[.]91"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "76[.]145[.]27[.]162"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "53[.]152[.]246[.]37"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "92[.]136[.]31[.]143"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "27[.]165[.]36[.]136"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "42[.]15[.]1[.]142"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "209[.]8[.]68[.]246"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "217[.]223[.]164[.]160"}, {"hashes": ["8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d"], "ip": "17[.]48[.]34[.]215"}], "mutex": [{"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "name": "C59C87A31F74FB56"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "name": "Global\\42EDC1955FE17AD4"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "name": "0D0D9BEBF5D08E7A"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "name": "1315B41013857E19"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "name": "B8ED4D143840045A"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "name": "6DD7DBFFCEB24BFD"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "name": "Global\\CD5FF936B43684FB"}], "registry": [{"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": "DisableOSUpgrade"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": "ReservationsAllowed"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\FC6A75BE78", "value_name": "0521341d"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\FC6A75BE78", "value_name": "0521341d"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": null}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\FC6A75BE78", "value_name": null}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\FC6A75BE78", "value_name": null}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\FC6A75BE78", "value_name": "bca7705c"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\FC6A75BE78", "value_name": "bca7705c"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\FC6A75BE78", "value_name": "b97dea2a"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\FC6A75BE78", "value_name": "b97dea2a"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\FC6A75BE78", "value_name": "e536480a"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\FC6A75BE78", "value_name": "e536480a"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000cafa44a6"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "\u000099297e9b"}, {"hashes": ["1e974c0d21c83e55e91faff4440b617a64583f9f96c8171f7cf68057ecd39cde", "29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "3b804ae44f61c1cd29fa4db5b7e1c8449723bf8b0746431dd66ccea50f1121a8", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "57ebf26260ab809f8549beaf7189c1ff2c52c24eb918b177fa8073b88e9362d1", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000cafa44a6"}, {"hashes": ["29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\FC6A75BE78", "value_name": "0905afc0"}, {"hashes": ["29cff4ff6832e7f9ab365a41c001b795d40d53665e89fa573d21392372ca5bba", "41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86", "41b20715989d4b18d324903abae7e1dd07f2d2aa0aac11ac4550e5429522b92b", "424ca3b858c29da3180ab7ca0b437d4ae69d3cdf9903e169db0797d60eeb995d", "521adb484233e2ff5d53229fd4b319c7c54c19e089a3439f5250e1f8cb8ef9c8", "5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b", "68891b546ef28996139fb032bdb305bcffe8ae557c2b4fac43ed4e7fa922d1f4", "6cbeefd5857c713d244475889c17b56330dad07074b93b67e57e1967390c5396", "74be508572debc5809d2d1b12fdf9fc9e9604d5b085980fd5bdf3d6acee8270c", "754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16", "81aef4732a54511af957a5fefd4a5479e685afc547b88ffa136baa6390748078", "872935c53873acdf78176860dddd6448c993d79383a401a9f6e4698d96bdcedd", "8c2eae23840b92322f519b3e4a6f4de77561675dc2e518b90db70f456e6eb11d", "92035f8889ebd991039c6668b420112498d935028ca16f3fe20320ce2aed5ca0", "aff0653ce35a20cf8bcf254cbeabcb14e89cda034d51f589d8d833d027c25f3e", "c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88", "f37666d19f8437da69601d1230044323238bfdcca55733da6aecc2426635f49d"], "key": "<HKCU>\\SOFTWARE\\FC6A75BE78", "value_name": "0905afc0"}, {"hashes": ["c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\ISBM3P0UE", "value_name": "oGKNokI"}, {"hashes": ["c0f654c2518ef407b5d6ca7d173b2e23a42612b37c8e1c074934ea4292654572"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\ISBM3P0UE", "value_name": "SyPjmb37D"}, {"hashes": ["754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\B34AC2A2DBFAE258A", "value_name": null}, {"hashes": ["754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\YT5ZYQ", "value_name": null}, {"hashes": ["754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\B34AC2A2DBFAE258A", "value_name": "9EAA48424121546D"}, {"hashes": ["754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\YT5ZYQ", "value_name": "1hxuYY3bOk"}, {"hashes": ["754e08220e8054d0b44e2a374db48d4e6ab31cb5ec1898a274cd35b32bffad16"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\YT5ZYQ", "value_name": "wS0q8s"}, {"hashes": ["41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\E0DA107C234B79EBF47E", "value_name": null}, {"hashes": ["41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XCBLYHCOS1", "value_name": null}, {"hashes": ["41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\E0DA107C234B79EBF47E", "value_name": "B418DC4F1D499EA30"}, {"hashes": ["41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XCBLYHCOS1", "value_name": "H8aRn5mJ"}, {"hashes": ["41915f34381fbbb210f0fa7b5180398381987f3d1b579a97bda4f2d977166e86"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XCBLYHCOS1", "value_name": "ENOFhsGd"}, {"hashes": ["c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\023562F2BED475A1088", "value_name": null}, {"hashes": ["c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\HW84HJG", "value_name": null}, {"hashes": ["c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\023562F2BED475A1088", "value_name": "A72BE4144AFD7BCD9814"}, {"hashes": ["c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\HW84HJG", "value_name": "dglLMcuX"}, {"hashes": ["c425ae6a8979fddfcf88cdd53e83b7bcdc399f20b6832ed67d482fbc0c277d88"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\HW84HJG", "value_name": "TYKjXsI2"}, {"hashes": ["5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\F50F703155C01E7C09B4", "value_name": null}, {"hashes": ["5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\I0ATFTVH", "value_name": null}, {"hashes": ["5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\F50F703155C01E7C09B4", "value_name": "2CBFE3A6B2CEFF0BA7"}, {"hashes": ["5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\I0ATFTVH", "value_name": "nelBqXQAVo"}, {"hashes": ["5382095e86d7d4c96c6dc82f90295ad9d471a45bdbaeaa7189c7d10a2215577b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\I0ATFTVH", "value_name": "YFLIZII"}, {"hashes": ["a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\2007E8072FB65F6C", "value_name": null}, {"hashes": ["a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PBCZHEJPA6", "value_name": null}, {"hashes": ["a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\2007E8072FB65F6C", "value_name": "18E76A27E8DDB252"}, {"hashes": ["a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PBCZHEJPA6", "value_name": "eExLfad"}, {"hashes": ["a77ecb8bf7f9cf783975e0a26f082f326d46474761ef21525cf4d2d5b609cd3c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PBCZHEJPA6", "value_name": "KGYXED9A4"}]}, "reports_count": 22}, "Win.Dropper.Zbot-9830578-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "66aa0c414db0d251592ccfbaba52f09ef82545874426f3e2f223fb92376f9609", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "7852baa8c0855fdb29f49fda7d2275933186704f1cf374fc5c42e07289e0251a", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "180a6808c87ebe10b55200876e6afb3884389837b3812ade9df7cbc1d7b7de80", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "66aa0c414db0d251592ccfbaba52f09ef82545874426f3e2f223fb92376f9609", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "7852baa8c0855fdb29f49fda7d2275933186704f1cf374fc5c42e07289e0251a", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "180a6808c87ebe10b55200876e6afb3884389837b3812ade9df7cbc1d7b7de80", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "66aa0c414db0d251592ccfbaba52f09ef82545874426f3e2f223fb92376f9609", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "180a6808c87ebe10b55200876e6afb3884389837b3812ade9df7cbc1d7b7de80", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-windows-task", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-service-schedule-and-task-path", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "66aa0c414db0d251592ccfbaba52f09ef82545874426f3e2f223fb92376f9609", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "process-long-cmdline", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-pony-stealer-detected", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "malware-fareit-file-activity", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "cmd-exe-file-execution", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "modified-file-in-system-dir", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "registry-modification-reg", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "task-ran-using-system-account", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "windows-util-at", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "hosts-file-modification", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "feed-domain-modified-host-file", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "cmd-exe-substr", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0005", "TA0002", "T1027", "T1059"]}, {"bi": "cmd-windows-env-vars-detected", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0005", "TA0002", "T1027", "T1059"]}, {"bi": "malware-generic-infostealer", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "pe-encrypted-section", "hashes": ["d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "180a6808c87ebe10b55200876e6afb3884389837b3812ade9df7cbc1d7b7de80", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-imports-toolhelp", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "pe-packed-upx", "hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f", "66aa0c414db0d251592ccfbaba52f09ef82545874426f3e2f223fb92376f9609", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-known-trojan-av", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f", "66aa0c414db0d251592ccfbaba52f09ef82545874426f3e2f223fb92376f9609"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-large-data-entry", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "pe-invalid-checksum", "hashes": ["7852baa8c0855fdb29f49fda7d2275933186704f1cf374fc5c42e07289e0251a"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "http-response-redirect", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": []}, {"bi": "url-gate-php", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "internet-explorer-phishing", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "html-small-file-redirect", "hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zbot, also known as Zeus, is a trojan that steals information, such as banking credentials, using methods such as key-logging and form-grabbing.", "hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "180a6808c87ebe10b55200876e6afb3884389837b3812ade9df7cbc1d7b7de80", "1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "66aa0c414db0d251592ccfbaba52f09ef82545874426f3e2f223fb92376f9609", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "7852baa8c0855fdb29f49fda7d2275933186704f1cf374fc5c42e07289e0251a", "7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0", "e278ab222da719888208f7fe24287267be17fac74ff4e6a8ddbaae4d5fe2fb46", "e66ead863ec139920ddda270daec5dc3c9601b74a76b60fb8cd368f1296ecf80", "eac4f9bdea6b93e0e26ecb2fab673e9d878feea38933a24af1e27d59d9af7b21", "fb21d6f1f05ba4aa10a25456e59b00098a271a97b1bf03d451c2b99e132d9003", "fedac494d222895ba34941d8d8a22770df7cc084e56d91f9ab62ffd50cf49819"], "iocs": {"domain": [{"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "host": "sexyladis[.]info"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "host": "37050[.]b48b4b4c879e7211d6a13e26a8a914aaf6c218653840e81d9f[.]pfif3[.]hfuidhfd[.]jp"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "host": "6[.]0[.]0[.]37050[.]2863923067[.]3163759174[.]0[.]0[.]b48b4b4c879e7211d6a13e26a8a914aaf6c218653840e81d9f[.]hfuidhfd[.]jp"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "host": "6[.]0[.]0[.]37050[.]2863923067[.]3163759174[.]0[.]64[.]b48b4b4c879e7211d6a13e26a8a914aaf6c218653840e81d9f[.]hfuidhfd[.]jp"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "host": "cds[.]d2s7q6s2[.]hwcdn[.]net"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "host": "www[.]hugedomains[.]com"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "host": "traxbax[.]com"}], "file": [{"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "path": "%System32%\\Tasks\\At1"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "path": "%SystemRoot%\\Tasks\\At1.job"}, {"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "path": "%System32%\\drivers\\etc\\hosts"}, {"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "path": "%System32%\\drivers\\etc\\test"}, {"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "path": "%System32%\\drivers\\etc\\hosts.sam"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At31"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At32"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At33"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At34"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At35"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At36"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At37"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At38"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At39"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At40"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At41"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At42"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At43"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At44"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At45"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At46"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At47"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%System32%\\Tasks\\At48"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At25.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At26.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At27.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At28.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At29.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At30.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At31.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At32.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At33.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At34.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At35.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At36.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At37.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At38.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At39.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At40.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At41.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At42.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At43.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At44.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At45.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At46.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At47.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%SystemRoot%\\Tasks\\At48.job"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%ProgramData%\\yvyq8TUV.exe"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%ProgramData%\\yvyq8TUV.exe.b"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "path": "%ProgramData%\\yvyq8TUV.exe_.b"}], "ip": [{"hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f", "66aa0c414db0d251592ccfbaba52f09ef82545874426f3e2f223fb92376f9609"], "ip": "209[.]85[.]229[.]104"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c"], "ip": "188[.]190[.]98[.]22"}, {"hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f"], "ip": "173[.]194[.]207[.]113"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "ip": "205[.]185[.]216[.]42"}, {"hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f"], "ip": "173[.]194[.]66[.]94"}, {"hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f"], "ip": "209[.]85[.]232[.]95"}, {"hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f"], "ip": "172[.]217[.]197[.]147"}, {"hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f"], "ip": "209[.]85[.]201[.]94"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "ip": "172[.]67[.]70[.]191"}, {"hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f"], "ip": "173[.]194[.]175[.]101"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "ip": "3[.]223[.]115[.]185"}, {"hashes": ["d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "ip": "92[.]241[.]163[.]23"}], "mutex": [{"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "name": "Global\\u29y4ewiof"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "name": "Global\\Fjs8Fhs_"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "name": "Global\\JSDjDDSoD"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "name": "Global\\r839ruowfj"}, {"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a"], "name": "Global\\AFjFJS__"}, {"hashes": ["7a8907e3a793e426d562afddb48eb7fd8c76aee440ff6c70511012c39dda0eba"], "name": "Global\\b2c09161-6a84-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "name": "settingstravell"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "name": "settingstravelu"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "name": "Global\\AEINV_USI_{72A74F44-972A-4EF5-B0EE-442704B1CAE9}"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "name": "Local\\AmiSharedMutex_3564"}], "registry": [{"hashes": ["056039ac543087b878919db4ce0d11ba7fb4dd8736e624274639121330fa0ca0", "30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "a99c6e3e9ae3de3b3edf360cef94f6b6cbf916cd19dd9d4132c86b55acb34e4c", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "d1e4f122367c8ce4e58b250ef2ef00191b68cb3d603af39257219a70606c623a", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCHEDULE", "value_name": "NextAtJobId"}, {"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521", "331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457", "3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb", "4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61", "6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f", "66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac", "6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855", "7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b", "738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d", "8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4", "a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b", "ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1", "bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6", "c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8", "ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416", "dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["51ace6c3906f3622af3e4da578feff01e348617f54c82dbbc2a7db58d2c3775f", "66aa0c414db0d251592ccfbaba52f09ef82545874426f3e2f223fb92376f9609"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": ""}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PHISHINGFILTER", "value_name": "EnabledV8"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PHISHINGFILTER", "value_name": "ShownServiceDownBalloon"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\RECOVERY", "value_name": "ClearBrowsingHistoryOnExit"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["6c57459003c18291409b620411f13330ffae27f7f2f0cc113e896a836e427855"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691575909"}, {"hashes": ["8f8ed4ee768f3d0aa060d4c3a7a92c081bbead99c804ae0f0b7a929681ea18e4"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691583038"}, {"hashes": ["bcbf33e411bd1fc0866763b56ef1f37e4ab2e8d969763384bda076efd544c1f6"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691583319"}, {"hashes": ["1d848497ea0e68e69f9efff40d8383cdb8d0ff86ba9907c588885189b1f76608"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "trivax1.Bin.exe"}, {"hashes": ["6125a74c229fc133260f6cac817b1d4fedf4565ade0a3f9d1212a04a67fa9c7f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691581260"}, {"hashes": ["3966b092dc79c12ad94e15dbb7195fa31652cac10133f536bf7ee8e4fd22e5eb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691583334"}, {"hashes": ["c2f0d3a680c78f181115e279dd95c8c5db7233ba313d5d1795dcc4b48fdd57c8"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691574162"}, {"hashes": ["30432dbb97e97a8e1f99b8fec1a3201b4625f515a0e25e10a4e1a9f770b32521"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691584052"}, {"hashes": ["dd7a0d851ba1923c15606285a10e55677dd7d5f9400549795caaa1ce430638a0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691577937"}, {"hashes": ["4b33a1948929662719bdd82aae7bfd51c22463367f9fe1c7797dce6789251d61"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691576580"}, {"hashes": ["66474df3ecc84aca4860992de2c45988156b0b46fc152a95b3dbda6a7a5211ac"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691576127"}, {"hashes": ["331c93cdbeef87cbb7ba88d6740d48a1b597f2105f5a31739486118d454ad457"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691583147"}, {"hashes": ["7069e3c2f04c33cb9f9d57755de14576a1ae1d9d32b7713824c366056afd846b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691583958"}, {"hashes": ["ce68168f4ba2e65f05b2e791ed47836aa3f90648d18d7e7e4015aec719f27416"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691577828"}, {"hashes": ["a12b29e06a95822193f73bba0a55707c610733a9f571f91773ebfdbbb3c34a3b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691584177"}, {"hashes": ["738b6883327db5f98cecbe7234409af8d2112355793b7ae3bf1595b66c03d73d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691575098"}, {"hashes": ["ade33f33e76c025772ed89f63d529f31e16d0246fa7ddc0530168abb904dabb1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1691585596"}]}, "reports_count": 25}, "Win.Packed.Dridex-9829614-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "registry-autorun-key-modified", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-null", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "malware-dridex-detected", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "hook-installed", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "windows-os-reboot-detected", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0040", "T1529"]}, {"bi": "artifact-windows-task", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": []}, {"bi": "possible-dga-communication", "hashes": ["26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378"], "mitre_attack_tags": ["TA0011", "T1568"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "5f15d56174d0dbc59d880dfa993bdf6d21a4feae1ed24f4443b88f6b2537f7f2", "6461555757cb22dd0a0dad20b4b0097383cdf8dfdd36742465eee510a817d7ac", "64bd6eaf5ffa5be0ee8216797db6c9fafc4949be8eca083a21cdfaeff32193c5", "6526eb042d052efd0649d4e1238d5d6ba36922de5a5f0ec085465c8b9929e74e", "681cea4a003d48c08a584a9be50046e738f9be020d47f807347377f0c2df2dea", "69b0d3e7e769c819a9f77b535477dc8c2a270a6777c98b6400907afb43f9769f", "6eb8ac264abfe7f58c9741ce805ffe6ca688a030b79559b21d0eb5822b4df924", "703a029085ced566841e98f0ac134c82b763595e49901f09c581916a8c097ab1", "7bef98261cc1bfae55babeecdfb3efe2d6947b9d9013ef01f91fe18c305a16e4", "7cae1175fe62b6b3a4cda0cdcb1516519c5c790b36e81d6dcbce76c92d7638e7", "810b9da1d7dff7d0e2f0b1c8c1870395e2e2129da243b70c34e54caead78084b", "83ae67d28db0d1132860dba384c7e579850d2441f8afa5254611ce9f13b555c6", "889c5a0768b9c9336a3301d6710beedbb123c3140bff7a6d865a7ddd375216dd", "8bc866c0cd31b756adf231a9396e4aed048fd532535038c7a0c3de64e2acc75a", "8c0b6c24b439d62ea96d15a8e760b75962f771d67412cab17eb31479c9686ff4", "8ef381457dcfa62a54a0413accfa72074a431ac041bda649e2b2a314ab62c2c5", "92f02059cf5b0fa21a95aef001904b1e6e7c6a81a018bfc3063bfb50b0ee8c9d", "96d687dbcf6b6527efc2b2cc3a07302f4e6697ec456c8f2bb08cc43b53c81896", "9c67175d13d5360123040618bedea5ffadfb7b8b1d4f1eb1ecc73c37e03fd9b1", "9d39519ad9cc2b458142e9dcf75376e2c17bab27b290a8352d6bf10d660b12fb", "9d574c42b20fd1fc3889caca26981d77aa79b11a79e355478d18ca278e3ffec9", "9e9db66e3d64369d262aa848e55e7af8d4bd91728eec4df61b0d866a214c0ab6", "a631ed89ce22f6da6d1a292e4e9bce9f540541acb5db4ad1aae83462603b7835", "aa1fc1d9e8c932c98dc659d736ccb1b860613e1171029c597e70ac2542be2543", "b0f9c39d1df1435ae99c8271525ff98d2a04518c85e787f32984c978465d905b", "b6a101f5bf105fddef1df4155b6d5f0886834ddcb956b3ec9d107a0d68abab49", "b9dd38070eaff9a7ef7b495682246b061a9635529fce736582341a983b8b4136", "c10aa621bcb8ad31ac70a3e8e1c19e6f4216e571445197ae060c48e9ccda54ab", "c5bb13d99a6cfca3c87c98745f9b76714141523de5ea318bb37949f2596d7862", "c87f9a33bee489ed9aa38fc842f3515cebccadffbfb56a2530f723b4b0c740f2", "cfca2b2295e5f87ca49e5a234d642f686a91a3a4294a5cda59bb40de06fea7bf", "d1f13744cd306299e6adabba462fcb02c29737a964e769214c701b1ec138f110", "d20e3fe3f9412140a39ecbbb192937ede1bacef953646763bf4737e5ecd37cc2", "d45e5da8288f6596a1ba37f4022dd6c98421cfe62026649b95b2309abfa860b6", "d648bc2017dfb91c911a0c8aaf2663f18217ce7889fa3bbcc92e79f2dc5c7220", "d7b1d76b2328ce152b5935ac02b77b933b5c537515ef9769d1c61b59b2fa7d67", "d7b2b47237c6fdaad2ab6133b02dadcb6677c87c0eeb6e535484ed83379d4e4f", "dc68138c6691db9f144963bc2585546b9787cc305bafb5e9132d5355b554dd7d", "de221fa123c220c17638b24283e7ce07c606b8d564638f98b9f38689cb024a28", "deb9e88e4a572663701c5f3b9fa09e843dae852ec785f36e140f2e9bb7ca8722", "e21620f37d60f88dbe4fade73785e244b3ec03e760c8c8f4d56c6773be1d49db", "e51013c393a6315d58b5bca1f33a3b2209f35a9240d53b6b7164d89af5c7c692", "e6b99eeefd651c13018077ff452b49bb152d686142b7488254c65b5886bfb22b", "ebdc0cb7ddd1ad866000a98050beaef19bb2a98aad2060f7be577d3c8f22f69a", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28", "edc3c4d84ac87ded64dc0ce6c2fe074f11e4c07f3bbc6e7903a3bf2bb1ab65aa", "f1c1f8d0860154e0c002a80e50116c9bdc1626fd82c26844ffbea0260e848ca0", "f818e6fcb50fa425eee14614841207e73e0a3ac58448c85302aff6cff019f467", "f98bed830e715dc727963088c8e7ec23f59122afe1ed9d761394cd7fc96f62a5", "fa06af4dc6c4731c6279fa682897e881440337c3321e266f2d10151dd4e0af73", "fdc9441c03638827fab3cc4d167f720abdfac37d8e5526f553ec9ee9d32448df"], "iocs": {"domain": [{"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28"], "host": "pastebin[.]com"}, {"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28"], "host": "w[.]google[.]com"}, {"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "www3[.]l[.]google[.]com"}, {"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804"], "host": "www[.]15oa0k7ecq[.]com"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf"], "host": "www[.]drkdybtkwc[.]com"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf"], "host": "www[.]dtraeay8tw[.]com"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf"], "host": "www[.]ec1bm1xafh[.]com"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf"], "host": "www[.]psnony2sev[.]com"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf"], "host": "www[.]dxtflrkpep[.]com"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf"], "host": "www[.]jsjldnxk25[.]com"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf"], "host": "www[.]1xsrtopgre[.]com"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf"], "host": "www[.]a2tjjbgljq[.]com"}, {"hashes": ["2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b"], "host": "www[.]xinlykbqb1[.]com"}, {"hashes": ["2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b"], "host": "www[.]afgysowzr3[.]com"}, {"hashes": ["2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b"], "host": "www[.]5wnuwuv7xw[.]com"}, {"hashes": ["2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b"], "host": "www[.]mf20sjfv41[.]com"}, {"hashes": ["2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b"], "host": "www[.]n5aqjhqouh[.]com"}, {"hashes": ["2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b"], "host": "www[.]d1bswfrh7h[.]com"}, {"hashes": ["2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b"], "host": "www[.]uzqls7kxql[.]com"}, {"hashes": ["32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f"], "host": "www[.]ydc6gs5cyn[.]com"}, {"hashes": ["32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f"], "host": "www[.]zwvxvux7rr[.]com"}, {"hashes": ["32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f"], "host": "www[.]7s9kbk0jb0[.]com"}, {"hashes": ["32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f"], "host": "www[.]bkd3u6t0oe[.]com"}, {"hashes": ["32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f"], "host": "www[.]bfxpvujuek[.]com"}, {"hashes": ["32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f"], "host": "www[.]ouweqizrl8[.]com"}, {"hashes": ["32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f"], "host": "www[.]s9uoostn1d[.]com"}, {"hashes": ["32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f"], "host": "www[.]ya9ntymshl[.]com"}, {"hashes": ["3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032"], "host": "www[.]n1jxh66gxo[.]com"}, {"hashes": ["3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032"], "host": "www[.]gxxxgzg57a[.]com"}, {"hashes": ["3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032"], "host": "www[.]nxxl6b6v36[.]com"}, {"hashes": ["3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032"], "host": "www[.]dmrd4iqdse[.]com"}, {"hashes": ["3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032"], "host": "www[.]oaupi8mq7q[.]com"}, {"hashes": ["3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032"], "host": "www[.]u9rzkh24jj[.]com"}, {"hashes": ["3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032"], "host": "www[.]3otlwtu99g[.]com"}, {"hashes": ["3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032"], "host": "www[.]ut0qwps0fh[.]com"}, {"hashes": ["4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "www[.]whsg0ej6zy[.]com"}, {"hashes": ["3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1"], "host": "www[.]ghjdd9fd4r[.]com"}, {"hashes": ["4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "www[.]9pptybdpfa[.]com"}, {"hashes": ["4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "www[.]wr4smw1u3m[.]com"}, {"hashes": ["3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1"], "host": "www[.]lemhe9penv[.]com"}, {"hashes": ["4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "www[.]bvx8lhsflg[.]com"}, {"hashes": ["4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "www[.]wovr0qyks1[.]com"}, {"hashes": ["54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e"], "host": "www[.]0fti8tumi4[.]com"}, {"hashes": ["4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "www[.]pzni5bjq8q[.]com"}, {"hashes": ["4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "www[.]jlr6bj9o67[.]com"}, {"hashes": ["3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1"], "host": "www[.]8yriwrvqb7[.]com"}, {"hashes": ["4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "host": "www[.]r3x1ucbxiq[.]com"}], "file": [{"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e"], "path": "<malware cwd>\\old_<malware exe name> (copy)"}], "ip": [{"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e"], "ip": "172[.]217[.]10[.]110"}, {"hashes": ["1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e"], "ip": "23[.]3[.]13[.]154"}, {"hashes": ["1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032"], "ip": "173[.]194[.]175[.]100/31"}, {"hashes": ["227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3"], "ip": "173[.]194[.]175[.]113"}, {"hashes": ["2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1"], "ip": "173[.]194[.]175[.]138"}, {"hashes": ["1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28"], "ip": "172[.]217[.]10[.]78"}], "mutex": [{"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28"], "name": "<random, matching [A-Z0-9]{10}>"}], "registry": [{"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["047a9a51f834143cf63c7d82de9501b136e3cffb39220f633515d8c6cc1812be", "0f90634f405bcd81107618ef105b4cf3f446f2fe6a80cd1b206b07b753ef4811", "111cbaa942fc4b48f8c8ebf37c1284d1ecc15dd2d05c41c1f589a8fee04c72b5", "1be719d99a109606ef06bf8665c6f63374287b750065a170440cfb7ef4aea804", "1db79b4fb1bcd20ac3ba13af24f572a311baa582c16eb5b9d174649af582d3f6", "1ecf5f78eafdb097401bdab0a6cccd208e3138e69f211ce05a637647a93e80fc", "227f171b9e01439e9dd686fb83928a13182e4fef000fd5c034d1b3412187c1cf", "26e3b061c2d49b302059275410affef6861073575bb4bab07c550c9501839d2b", "281860389daf31e5ef4c54d7ce3e39372920b6142f15656c68f73232a373bd64", "2b6d05372a3b1064a8413a33fe8f5c2209870897447955a17b476b421c57253b", "2c8294f60b056c1d993563878908bfdcb61bcbbb8ea14ee03562f170adbd4378", "3034a6e006456b1016fc67069f6ad65498451922fd3b0ae874293cd90d59aa2b", "325877253c7b1bd550e99d80048b0e0fe4b014ef74dd1dcbb201318e73a4f62d", "32dace58ee58267957aaa8a017e840c436a57f053ab0b871df5646bd39bb579f", "380d29048bbcf2c5970173398559e206b5c51fb165239b3c92fad7b3ae31105c", "3c0fc8702206f4bf2534bd3eb4cf74cd1f515d2e162e75079127fbf305aef850", "3dde69b3d354fd374a1c8afe53b6505f4b3dbf61d492c8b919a13876956fe032", "3e10c7fc7676dab58eab3196b4b2994ab07bcc4e07638cecd8093e39815e9ec1", "3f45ff6372eb682493c9cb07d08000e13fd4155e1bdf9413e387fa294dec9abb", "4a91f0549250484e09c70b42057edfce9068a0d963db9997ef793721274fe0a3", "4ff6ca90d9634f4596c39504b74809c8eee95443fdbf38dbcdc26737d98a1573", "51ab9aedb438fa1f9dbbba0441220613d009fe99503303969292304f1388aca0", "5222ef991cfc04625e882984c215027d7582f1260c1c6a3d1252bcacf121f818", "539c82ab4dc05a8f109272e3e5e22a4aa6cbe94b3758f6da994deb0d99914d1c", "54040f88d8ec184b8fee5e44751e4c28625cfcdeb63318c26594dcf5e49b3f7e", "ec07002dd9624c2399f3103d5c87c739c6902af86497a5f4f5ad81d5c97ffb28"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}]}, "reports_count": 26}, "Win.Worm.Gh0stRAT-9829943-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-armadillo", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-submitted-file", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-modified", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-requested-file-external-drive", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0007", "TA0009", "T1120", "T1025"]}, {"bi": "pe-dos-header-relocations", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-pages", "hashes": ["b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Worm", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "iocs": {"domain": [{"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "host": "user[.]qzone[.]qq[.]com"}, {"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "host": "i[.]qq[.]com"}, {"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "host": "v1[.]krtedun[.]com"}, {"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085"], "host": "dns10[.]kodns[.]info"}], "file": [{"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "path": "\\<random, matching '[A-Z0-9]{16}'>"}, {"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "path": "\\<random, matching '[A-Z0-9]{16}'>\\setting.xml"}, {"hashes": ["acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9"], "path": "\\2txtv44lp2949lxm\\Config.xml"}, {"hashes": ["acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9"], "path": "\\vt19x92e143et9qv\\Config.xml"}], "ip": [{"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "ip": "203[.]205[.]254[.]103"}, {"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "ip": "98[.]126[.]35[.]213"}, {"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "ip": "192[.]74[.]252[.]42"}, {"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "ip": "192[.]74[.]252[.]41"}, {"hashes": ["9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b"], "ip": "174[.]139[.]45[.]233"}, {"hashes": ["9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b"], "ip": "174[.]139[.]45[.]235"}, {"hashes": ["acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9"], "ip": "67[.]229[.]227[.]138"}, {"hashes": ["acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9"], "ip": "67[.]229[.]227[.]140"}, {"hashes": ["30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b"], "ip": "174[.]139[.]124[.]214"}, {"hashes": ["30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b"], "ip": "174[.]139[.]124[.]213"}], "mutex": [{"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "name": "pldofjxf"}, {"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "name": "192.74.252.42:8760"}, {"hashes": ["30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785"], "name": "AD.PLUSUNION.INFO:6620"}, {"hashes": ["30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785"], "name": "98.126.35.213:11111"}, {"hashes": ["9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b"], "name": "174.139.45.233:8590"}, {"hashes": ["acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9"], "name": "54565C31"}, {"hashes": ["acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9"], "name": "67.229.227.138:19527"}, {"hashes": ["30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b"], "name": "174.139.124.214:3204"}], "registry": [{"hashes": ["1d8c9ffe319759e1cb0a03e8eab116c6bc6e6308ade851935f436d5482f8740a", "30777b09bb050ec10f39aeb60c2c376634240b4b5d50b55f51d53118b7345d1b", "33ad59a2f4938f21cb29a303f6fb296763912a141644a76d858ea47c14b53a24", "4553e2c6af9638d90e72cedd0cfe44485df41b2dc3a21a59f692e11c774008f5", "4c8aa7ab8f1ea2ff4224f5802e22da2faf30cafa73210e66938000509bc4cc5a", "65c9ce5807dc45323b1d259ad9a1c124b5742131c08a38f15f11a4778340061a", "6914f0a0387077cccad081c440324bef02950e6838c1baab8dfb535d05359147", "868a39d23fb29c6cc88e3d477839189ea5fa403cc63d5807397fb1c69473c227", "9e293fd6304d5dd154309601ddd53c4e3e40ff3becf9122c7ce44652db16fced", "9f27671c3d65737cf419b9f5c0e7a49040ffc473b01c002b843396f6cfdb108a", "a58ee6f6c469a0069de5dce0d1f7cedf312a390f85b4c6ddaafafb7cd9444f77", "acda870b5c066e866ab407ac99944a73a40d7f61fd19ea61030df72292045ae9", "ad2cb6dd22ffe9aa308b34bbbe28c2fa80952a93ce0d887528eafde318842d1b", "b1cd62f8d0628c6b93bfb2d34c78fd114c10952f6c878bb0f8e037c1d07459ab", "c2bce5bc128ab8d21cf7c89a351534d6da2400cfdb12f13e7bd7a4a385637785", "cea569bf85a1b3a3c5dde9e85419c8eda32c55456b56e09985df2e7d1577fbd6", "d564d5a4dcb61dc5158c6b3186500d024c7967e939ded2022c2e6ddedc85eec2", "d80dc6d0e21c9d90184dfce82e7c2c096fd51f9b960b2ae980a241b0228cee6f", "f018180e4ef3ede32fb9e05245d8516e42c3184d759764948ed8195ece490085", "f3da1652f11dbde56ad5cc69c88f35c2eec68c2c7b8d0b17a8d7c3b75458f9f2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "TFM0N"}]}, "reports_count": 20}, "Win.Worm.Razy-9830714-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "34cc5f14a6de79f130794f946911200cef9f4161d0f441fbcc8a4c04cc82cbed", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da", "8f2cb4ea8bb5b59bb987a2e1739b37d9a57b755489f38947203bc667fbd09b54", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "34cc5f14a6de79f130794f946911200cef9f4161d0f441fbcc8a4c04cc82cbed", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da", "8f2cb4ea8bb5b59bb987a2e1739b37d9a57b755489f38947203bc667fbd09b54", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "34cc5f14a6de79f130794f946911200cef9f4161d0f441fbcc8a4c04cc82cbed", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da", "8f2cb4ea8bb5b59bb987a2e1739b37d9a57b755489f38947203bc667fbd09b54", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "34cc5f14a6de79f130794f946911200cef9f4161d0f441fbcc8a4c04cc82cbed", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da", "8f2cb4ea8bb5b59bb987a2e1739b37d9a57b755489f38947203bc667fbd09b54", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-vm", "hashes": ["d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "34cc5f14a6de79f130794f946911200cef9f4161d0f441fbcc8a4c04cc82cbed", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da", "8f2cb4ea8bb5b59bb987a2e1739b37d9a57b755489f38947203bc667fbd09b54", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}], "category": "Worm", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. It collects sensitive information from the infected host and encrypt the data, and send it to a command and control (C2) server. Information collected might include screenshots. The samples modify auto-execute functionality by setting and creating a value in the registry for persistence.", "hashes": ["02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "34cc5f14a6de79f130794f946911200cef9f4161d0f441fbcc8a4c04cc82cbed", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "8f2cb4ea8bb5b59bb987a2e1739b37d9a57b755489f38947203bc667fbd09b54", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da", "eed29098d4b2509f641269976d8edd865ef231a5f45e3bdea0d0f2668b947bf0", "f5728b07d0377cad3ff67a4b6b128e507ae51fea6730f6db31ed823f242d8564", "fdc77093d55e59dca1a6b2cfc8295d1407d98196ab668c33197731e74fdc836d"], "iocs": {"domain": [{"hashes": ["02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da"], "host": "blogx[.]sina[.]com[.]cn"}, {"hashes": ["02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da"], "host": "blog[.]sina[.]com[.]cn"}], "file": [{"hashes": ["02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "34cc5f14a6de79f130794f946911200cef9f4161d0f441fbcc8a4c04cc82cbed", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "8f2cb4ea8bb5b59bb987a2e1739b37d9a57b755489f38947203bc667fbd09b54", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da"], "path": "\\1.txt"}], "ip": [{"hashes": ["02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da"], "ip": "107[.]163[.]56[.]110"}, {"hashes": ["02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da"], "ip": "174[.]139[.]6[.]44"}, {"hashes": ["02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da"], "ip": "123[.]126[.]45[.]92"}, {"hashes": ["02a3f1471d35e500974a5c0b30150df7cc27c8e5bc3c13f03a36ec5755880de2", "1c809dbc9f4283efbe0a37bce81f6c277906398ad4451e22a7a30bb9b661a1da", "4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7", "4e58a79e2238218c1d7b9923c0ef10612a0ecfd46266db111d59077ade487877", "53182608a2eecc1bb2d30315e2f477526705f253437012c69692586913c5d753", "6ad7a1a2107a7529c9106ece35296f4d8384ecac3041311ce5a7206d74e38d74", "6ad954e44fa32853997f2e8a40684b59315b9857f0317a34dc394a3fc6b9dad0", "841056a6a45f548371b39779bd7ec518b0e2be2b514507745e41e37f69f29a27", "969b53265de41528fd982faafc5ba7a1ca402b4098e07ef8ef776eb537f60e12", "9708a1011bbd7e04516f73838dacef9bae938b7bc703c5ef04778f1a3a666d8c", "9b6d175496ffa18bd04f6c0d9c085a094579de208330395747c2097e1a866aab", "9b91749b03bd6a37a482a85e4366ff258c6f52abc99db74c370840241c5c6b06", "9e10842db131a270d42436cb4f2056f5d9f2bc0522c715211a0c7629b97afbd3", "a60124a1ce771d9c5d1decde7760d7886172de3ac664ad05f1ee9e868927d34d", "af8f137861b30f088fcdf8ef1f25ca3b3137775316da840d3e999660bd9c9660", "b04c5b176df3486b09bb504e79427ec7c24b2ae74647867e6dbc0635875bcfda", "c32129d73874e1f53709a018baf39fe9102131aab51126be4096d7311bb2d72e", "c6d4df3c380b0de55d64911c15e76ae8256a4fbefd82d0ff38316ffcaa211898", "d5c0b9da899246252e6b3990458994cdc7293aba2922ea53829dbfab32373bb8", "d88bd4d30ce3bd954210d1abfcbed1374909aaf257e24db7cdaf795ce30278fc", "da61e01a3e719f3fb606f4c6c28005623c42f7cffcd8ab533699bfc2aef326d8", "dab4b0c7526989d97592d956fd3b120129cd5ac9168be01c7b2488921a2c9d3b", "eeb692f8759afa228fe3e4e49f8f64833bb7a583dbf4fce825f5493268b857da"], "ip": "174[.]139[.]6[.]42/31"}], "mutex": [{"hashes": ["4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7"], "name": "174.139.6.42:3204"}, {"hashes": ["4c51471ff27c1932316da37a036765e65b64842e5713e134ea56bc0caf3e1ff7"], "name": "M174.139.6.42:3204"}], "registry": []}, "reports_count": 25}, "exprev": [{"count": 13544, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 7655, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 1571, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 1547, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 745, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 556, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 173, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 120, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 69, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 37, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 25, "description": "Houdini/HWORM detected. This worm uses an obfuscated VBScript to drop additional malware such as njRAT.", "name": "Houdini/HWORM detected"}, {"count": 25, "description": "A site commonly used by fileless malware to download additional data has been detected. Several different families of malware have been observed using these sites to download additional stages to inject into other processes.", "name": "Possible fileless malware download"}, {"count": 19, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 11, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 10, "description": "Smoke Loader has been detected. Smokeloader is used mainly to execute other malicious software, like ransomware or cryptocurrency miners. Its initial infection vector is usually an email with a malicious Microsoft Word document or delivered through an exploit kit. Smokeloader uses various plugins designed to steal data from its victims, particularly credentials stored on the system or transfered over HTTP, HTTPS, FTP, SMTP, POP3 or IMAP.", "name": "Smoke Loader detected"}, {"count": 9, "description": "A malware dropper has been detected. A dropper will download or unpack addtional malware during it's execution. A variety of techniques can be employed for the payload to gain persistence and escalate privelege if neccessary.", "name": "Malware dropper detected"}, {"count": 7, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2021-02-12T16:33:27+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Worm.Razy-9830714-0", "Win.Dropper.Zbot-9830578-0", "Win.Dropper.Kovter-9829554-1", "Win.Dropper.Cerber-9829555-1", "Win.Dropper.Emotet-9829584-0", "Win.Packed.Dridex-9829614-1", "Win.Worm.Gh0stRAT-9829943-1", "Win.Dropper.DarkComet-9829678-1", "Win.Dropper.HawkEye-9829906-0"]}