{"Win.Malware.Gamarue-9831273-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-nullsoft-installer", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "mitre_attack_tags": ["TA0002", "TA0008"]}, {"bi": "suspicious-nullsoft-installer", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1574"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-known-trojan-av", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "file-ini-read", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "windows-vault-api", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "deleted-submitted-file", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "malware-guloader-traffic-detected", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "http-response-client-error", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-dns-upload-file", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": []}, {"bi": "pe-uses-heavens-gate", "hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "nginx-webserver-detected", "hashes": ["7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "mitre_attack_tags": ["TA0011"]}, {"bi": "pe-imports-toolhelp", "hashes": ["66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-http-numeric-ip", "hashes": ["d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "modified-executable", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-svchost-misspell", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Gamarue, also known as Andromeda, is a botnet used to spread malware, steal information and perform activities such as click fraud.", "hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "iocs": {"domain": [{"hashes": ["5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc"], "host": "atlasqrp[.]com"}, {"hashes": ["52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9"], "host": "becharnise[.]ir"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8"], "host": "azmtool[.]us"}, {"hashes": ["7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9"], "host": "newcesarnex[.]com"}, {"hashes": ["65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8"], "host": "klimsourcinq[.]com"}, {"hashes": ["c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44"], "host": "cpanel[.]com"}], "file": [{"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "path": "%TEMP%\\ns<random, matching '[a-z][A-F0-9]{1,4}'>.tmp"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "path": "%TEMP%\\ns<random, matching '[a-z][A-F0-9]{4}'>.tmp\\System.dll"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "path": "%TEMP%\\yrcvb.dll"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc"], "path": "%APPDATA%\\7C7955\\5D4644.lck"}, {"hashes": ["5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc"], "path": "%APPDATA%\\7C7955\\5D4644.exe (copy)"}, {"hashes": ["66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "path": "%TEMP%\\50x50.jpg"}, {"hashes": ["66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "path": "%TEMP%\\README.md"}, {"hashes": ["66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "path": "%TEMP%\\download.png"}, {"hashes": ["5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286"], "path": "%TEMP%\\hmilyqt.y"}, {"hashes": ["65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779"], "path": "%TEMP%\\kdzuq.ta"}, {"hashes": ["6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719"], "path": "%TEMP%\\aqmwckjmrn.nu"}, {"hashes": ["a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1"], "path": "%TEMP%\\liwss.xth"}, {"hashes": ["b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e"], "path": "%TEMP%\\myqkt.lqe"}, {"hashes": ["c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44"], "path": "%TEMP%\\hudevtl.jg"}, {"hashes": ["af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f"], "path": "%TEMP%\\lunzuig.jbl"}, {"hashes": ["d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af"], "path": "%TEMP%\\daxet.aj"}, {"hashes": ["cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017"], "path": "%TEMP%\\oqwlvuu.bow"}, {"hashes": ["e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc"], "path": "%TEMP%\\npaiwbql.lr"}, {"hashes": ["d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c"], "path": "%TEMP%\\pppxeh.lu"}, {"hashes": ["7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8"], "path": "%TEMP%\\jngyo.p"}, {"hashes": ["a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e"], "path": "%TEMP%\\enjwfflcig.e"}, {"hashes": ["c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a"], "path": "%TEMP%\\nfyavszd.iqa"}, {"hashes": ["7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616"], "path": "%TEMP%\\qvdzm.nsz"}, {"hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "path": "%TEMP%\\vvnxl.tgk"}, {"hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "path": "%APPDATA%\\User"}, {"hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "path": "%APPDATA%\\User\\svcholtt.exe"}, {"hashes": ["66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19"], "path": "%TEMP%\\kauhhm.iqg"}, {"hashes": ["6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9"], "path": "%TEMP%\\sdmzuceo.b"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09"], "path": "%TEMP%\\rsjbj.l"}, {"hashes": ["6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f"], "path": "%TEMP%\\xrykojnwc.ur"}, {"hashes": ["bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9"], "path": "%TEMP%\\yiisgk.qr"}, {"hashes": ["52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124"], "path": "%TEMP%\\gefasluxa.bz"}, {"hashes": ["a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "path": "%TEMP%\\Isdjek.dll"}, {"hashes": ["c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8"], "path": "%TEMP%\\yoydi.drq"}, {"hashes": ["a0d02c35c4900c56042c820357f9df11f6a34ed0e141c3517621c18892a60636"], "path": "%TEMP%\\oitxmarvb.a"}], "ip": [{"hashes": ["5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc"], "ip": "103[.]153[.]182[.]50"}, {"hashes": ["52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9"], "ip": "185[.]208[.]180[.]121"}, {"hashes": ["c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c"], "ip": "51[.]195[.]53[.]221"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8"], "ip": "45[.]128[.]207[.]237"}, {"hashes": ["bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8"], "ip": "45[.]8[.]124[.]25"}, {"hashes": ["65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616"], "ip": "91[.]107[.]126[.]138"}, {"hashes": ["c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44"], "ip": "172[.]217[.]197[.]139"}, {"hashes": ["c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44"], "ip": "209[.]85[.]201[.]94"}, {"hashes": ["c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44"], "ip": "172[.]217[.]197[.]136"}, {"hashes": ["c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44"], "ip": "172[.]217[.]164[.]238"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09"], "ip": "45[.]128[.]204[.]36"}], "mutex": [{"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["1aa0868d7d776c38e89a484a5ecb317c85a7b82e53c468c21b0dcb35125fac09", "52fe675ddb9df4128e5ee394dd1c13fb77d2f583596b31373c938a49c0b52124", "5b244022ae7d5b464176b46d5d4b242f5ccda7c404582f49e298588e158f0286", "6354765d4962239b83d51578bc799b55ccc5554a8fab6ebe8a0a2b07afa23c3f", "65eec9f4e3b8c629084b17ee78ad59082faa77bafaf7ca6280e9385c8f500779", "66b3c23a633df3972a047362c616bd7bd003940977a251b5af854ce36ccb0e19", "6c66cb2982ab8d7ed7df748e1ff87daf8bf55f6ddf7126226ffcb920e49da719", "6cee2598da13d14ccc6f3e785de28a40dd45b0522c227f9a69998db3d28148e9", "7e73dc8d96bf9474a02508c89bbd303108b6aec394d92e8f82235e61427d82f8", "7f7a485b67fb5f5a583ad6af699bcda1732f6b4c3d0f4e7126c57e3312bb7616", "a4f07bb94efd3faaec930bf73c2ece6e4a8512a14983445b22d396eccde4aa6e", "a8af41cc614d3851860eed0ec845c0301b119d4dfc1587a239b4e3d66e74a8d1", "b9943d65b39622411a668ff43eb3ffea754c6d29c04b3489d6d09125ed095b7e", "bb905066d588ca1cbd907b80ac93278e57e565136e76fea12ca14419f204f7a9", "c17fdfde5ec4fb24c28ee4707b0445649384bb92de6814a66e330efad277f6b8", "c38d8c9c6d6fc2de066cde9c26d59f2dd8576c97889129f711abd5b1d773832a", "c55cdb071870b0b9e1f50dfb310e8f6b78afcf19bdfec3b5be913cf189538a44", "cffc78e64ca2533de6c216b9420fde1e51884ac2b82e340a400466ed96002017", "d11ef65cbac6ed9973b667181acd05c021f5f5af6a944ac9be1e8694905d87af", "d370a634eff1bf62d4732521f199eae8280b8a82f7983ea7beddd85c8a7b7c9c", "e90efdf2736e36ab2a00add2e6663ee229222088b6109c0bae221ee2a56ff3bc"], "name": "9DAA44F7C7955D46445DC99B"}, {"hashes": ["af1a1eff9838709bead50e1aaacd900dfb786244bf9011d63290188e9f08d16f"], "name": "Global\\a9266381-6c57-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "name": "Global\\a9ee1881-6c57-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["e94d2344c041ac575285613a13541dc1601bd3d79399edddace84964a733281f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Client.exe"}]}, "reports_count": 24}, "Win.Malware.TrickBot-9831264-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241", "0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc", "2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241", "0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc", "2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241", "0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc", "2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241", "0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc", "2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-file-in-user-dir", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241", "0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc", "2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "artifact-windows-task", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "unsigned-roaming-execution", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-ini-modified", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-trickbot-mutex", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": []}, {"bi": "task-ran-using-system-account", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "malware-trojan-trickbot", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "TA0009", "T1053", "T1005"]}, {"bi": "process-read-many-scheduled-tasks", "hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "process-hollowing-detected", "hashes": ["187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241", "0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc", "2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241", "0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc", "2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241", "0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc", "2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": []}, {"bi": "registry-modified-rootcerts", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "network-http-blank-user-agent", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45"], "mitre_attack_tags": []}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "nginx-webserver-detected", "hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-invalid-checksum", "hashes": ["42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Trickbot is a banking trojan targeting sensitive information for certain financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.", "hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "iocs": {"domain": [{"hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "host": "myexternalip[.]com"}, {"hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45"], "host": "eastconsults[.]com"}, {"hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "host": "oscqa[.]com"}, {"hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45"], "host": "www[.]eastconsults[.]com"}], "file": [{"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "path": "%APPDATA%\\windirect"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "path": "%APPDATA%\\windirect\\settings.ini"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "path": "%APPDATA%\\windirect\\data"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "path": "%System32%\\Tasks\\Windows Direct core tools"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164"], "path": "%ProgramData%\\                         .exe"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164"], "path": "%APPDATA%\\windirect\\                         .exe"}, {"hashes": ["187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "path": "%TEMP%\\<random, matching '[a-f0-9]{3,5}'>_appcompat.txt"}, {"hashes": ["187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "path": "%TEMP%\\<random, matching '[A-F0-9]{4,5}'>.dmp"}, {"hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45"], "path": "%TEMP%\\ AU9D9.exe"}, {"hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "path": "%TEMP%\\b5PA44B.exe"}, {"hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "path": "%TEMP%\\b5PA44B.tmp"}, {"hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "path": "%TEMP%\\b5PF8C2.exe"}], "ip": [{"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "ip": "181[.]140[.]173[.]186"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4"], "ip": "51[.]89[.]115[.]116"}, {"hashes": ["187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "ip": "85[.]204[.]116[.]237"}, {"hashes": ["31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4"], "ip": "190[.]214[.]13[.]2"}, {"hashes": ["187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "ip": "164[.]68[.]120[.]56"}, {"hashes": ["28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "ip": "146[.]185[.]219[.]165"}, {"hashes": ["239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e"], "ip": "93[.]189[.]42[.]146"}, {"hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45", "aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "ip": "216[.]239[.]38[.]21"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31"], "ip": "82[.]146[.]62[.]52"}, {"hashes": ["187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de"], "ip": "5[.]2[.]75[.]167"}, {"hashes": ["7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de"], "ip": "185[.]252[.]144[.]174"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982"], "ip": "194[.]5[.]250[.]155"}, {"hashes": ["187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "ip": "185[.]99[.]2[.]160"}, {"hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "ip": "216[.]239[.]32[.]21"}, {"hashes": ["9b7ca2a5d739eadeeb2290e26ca8a11dffc85331fa539d080777083af9123b45"], "ip": "66[.]70[.]178[.]185"}, {"hashes": ["28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8"], "ip": "198[.]8[.]91[.]10"}, {"hashes": ["e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4"], "ip": "5[.]182[.]210[.]246"}, {"hashes": ["aa9daa79af830a093fa2b0e6ebdbfb67f4ea2f66e2adca60acc0beef3f1a895e"], "ip": "143[.]95[.]80[.]233"}, {"hashes": ["ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "ip": "217[.]107[.]34[.]151"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1"], "ip": "5[.]2[.]75[.]93"}, {"hashes": ["31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4"], "ip": "81[.]177[.]165[.]145"}, {"hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164"], "ip": "195[.]123[.]216[.]223"}, {"hashes": ["239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982"], "ip": "181[.]113[.]28[.]146"}, {"hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164"], "ip": "5[.]182[.]210[.]226"}, {"hashes": ["7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31"], "ip": "5[.]182[.]210[.]230"}, {"hashes": ["7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31"], "ip": "146[.]185[.]253[.]18"}, {"hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164"], "ip": "195[.]123[.]221[.]53"}], "mutex": [{"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1", "187fb2770b614909ce81559f70db3af470c551ce403778219a22c1d3083a4edc", "239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982", "28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8", "31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4", "7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31", "8e2afd9599508f6a4652826e6ff133d6a29d7d3bf6a05de3332826b7c80688de", "c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164", "d69e6e3b30a7e193eafebdb19ae91643faab437855523d994b1d1684a4c0ac0e", "e270893e964120a11f48c888cd127959d3e60961fc7c8d7e58e4a13d58aff8f4", "ea8c36f9ce78e94cde716fd4eae708324cfa430fa93ae230292b2c68343d7fa4"], "name": "Global\\316D1C7871E10"}, {"hashes": ["0470611bf3b9097357687159801e27e578583fe41934e5e40babbe4a94da3a64", "3008f83e52fc3d5c31a1e532346307201aec7157cea15f2204c0e1df76cc9241"], "name": "Global\\d88aa701-6c46-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["42beeaba786a96e2bb9e717ca9e3227f5ad150759a6e6f2922090249a38dc6dc"], "name": "Global\\d885e441-6c46-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["2a806a8d3a9fc7f32033067e43506be9cc71fa6411affbc2dbd21a41a6bd3ba7"], "name": "Global\\d86e1681-6c46-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["ea314769bdc1532c7994fe12fa3a3133ac6d5359cdf897cde30be58807bffe8b"], "name": "Global\\d7c99921-6c46-11eb-b5f8-00501e3ae7b6"}, {"hashes": ["239789e83dc0a80e8bbd0665a30c2219cbe4cc3d2677bdc818177b260c7fe982"], "name": "Global\\2CD43D88F6210"}, {"hashes": ["7de1b9afef4135f13888a521142bb247284306184276326ef745a294ecb3cc31"], "name": "Global\\078E20DA836932832"}, {"hashes": ["03a68c65701896f79a23b22d2844146f91a237ddd4e840a5e78494b238f2aff1"], "name": "Global\\FFC9BDAEF6B932960"}, {"hashes": ["28324d38845e953911330e985a51bda6431c40d63a7fc40a6d05a9f86b702ce8"], "name": "Global\\3059262098810"}, {"hashes": ["31d1fa0cb2a8af462c681c38d5fde174f69735009bede1f6e20e27f561b783d4"], "name": "Global\\02B9498C2631128"}, {"hashes": ["c874dd4a471fb101f8d019efbcf5b849d4575c36b479aea3d0ab54ad8ad6d164"], "name": "Global\\443511D847610"}], "registry": []}, "reports_count": 18}, "Win.Malware.Zusy-9831590-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-header-linker-major", "hashes": ["db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-blank-name", "hashes": ["db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-unalign-hdr", "hashes": ["db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-with-multiple-children", "hashes": ["075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "mitre_attack_tags": ["TA0005"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe\". When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3"], "iocs": {"domain": [], "file": [{"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3"], "path": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"}, {"hashes": ["bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3"], "path": "%APPDATA%\\Microsoft\\Windows\\STARTM~1\\Programs\\Startup\\Vagjkx.lnk"}, {"hashes": ["3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e"], "path": "%APPDATA%\\Microsoft\\Windows\\STARTM~1\\Programs\\Startup\\Obowlzc.lnk"}, {"hashes": ["6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6"], "path": "%APPDATA%\\Microsoft\\Windows\\STARTM~1\\Programs\\Startup\\Opguqigvd.lnk"}, {"hashes": ["27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c"], "path": "%APPDATA%\\Adobe\\Acrobat\\11.0\\Security\\TYFLYKZaX\\UI0Detect.exe"}, {"hashes": ["27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c"], "path": "%APPDATA%\\Adobe\\Acrobat\\11.0\\Security\\TYFLYKZaX\\WTSAPI32.dll"}, {"hashes": ["27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\User\\Document Themes\\1033\\tfkQSnB3f\\NETPLWIZ.dll"}, {"hashes": ["27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\User\\Document Themes\\1033\\tfkQSnB3f\\Netplwiz.exe"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%LOCALAPPDATA%\\6kv\\AtBroker.exe"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%LOCALAPPDATA%\\6kv\\UxTheme.dll"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%LOCALAPPDATA%\\BSvk33aUi\\SYSDM.CPL"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%LOCALAPPDATA%\\BSvk33aUi\\SystemPropertiesDataExecutionPrevention.exe"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%LOCALAPPDATA%\\e8ek7vBNN\\wer.dll"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%LOCALAPPDATA%\\e8ek7vBNN\\wermgr.exe"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%LOCALAPPDATA%\\yRzzD9A\\dccw.exe"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%LOCALAPPDATA%\\yRzzD9A\\dxva2.dll"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%APPDATA%\\Adobe\\Acrobat\\9.0\\kAkW\\dccw.exe"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%APPDATA%\\Adobe\\Acrobat\\9.0\\kAkW\\dxva2.dll"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\User\\t86X5f\\AtBroker.exe"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\User\\t86X5f\\UxTheme.dll"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\b41\\SYSDM.CPL"}, {"hashes": ["27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\b41\\SystemPropertiesDataExecutionPrevention.exe"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%LOCALAPPDATA%\\65ADlV0mW\\DUI70.dll"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%LOCALAPPDATA%\\65ADlV0mW\\UpgradeResultsUI.exe"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%LOCALAPPDATA%\\E2yA1Zc\\RdpSa.exe"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%LOCALAPPDATA%\\E2yA1Zc\\WINSTA.dll"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%LOCALAPPDATA%\\OTgB\\MFC42u.dll"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%LOCALAPPDATA%\\OTgB\\irftp.exe"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\4e7al78\\DUI70.dll"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\4e7al78\\UpgradeResultsUI.exe"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\User\\Document Themes\\AdLaN9W4DZ\\RdpSa.exe"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%APPDATA%\\Microsoft\\Templates\\LiveContent\\15\\User\\Document Themes\\AdLaN9W4DZ\\WINSTA.dll"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%APPDATA%\\Microsoft\\Windows\\PowerShell\\y2v1b\\MFC42u.dll"}, {"hashes": ["347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e"], "path": "%APPDATA%\\Microsoft\\Windows\\PowerShell\\y2v1b\\irftp.exe"}], "ip": [], "mutex": [{"hashes": ["075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3"], "name": "{ac5b642b-c225-7367-a847-11bdf3a5e67c}"}, {"hashes": ["075f64fbeb94bb40a6f267b9cb7d26980407434bd43bcdd0c5cbe8a6bf078fb4", "27bf983b02321159e81858177d46db4a117a6a84d492cd217f6f342eb3216d1c", "27de97a0d4ad7a5adae5e5b1983079f301bb0bec76f4ed7c8092df0e56cceadb", "347038c94600cb1ac371faa50d90d6f650a80d7626318c9458ca395395a5a37e", "3537d8853971b0640dbaef00c1a4e25be3e17030645a13616b18640c26b59b3d", "41069d11a87a85790e8ccff930aa3ae9d7ced29b99825ba8d7e2726f66cfe2cb", "4934c7a5441db3be71be860faf08553372d3d340a19111ea8de08e4e44be1d66", "4d56359077591a57e8fe7e0e1ac0b8468c251bc23953e5ed4bc261184bc149ed", "539e31628e45974b0465196f469d6326102e1a7046729ca685ca91ca481aefd9", "574193861b68e3013a4a39aae418d3a3fb7602457f30e5b4a92ca2290d61f58e", "58c90a06149b972f026f5269159383975f20c626f0b2d1c2f1fb48ef16d91815", "6a6d7e403ea2ca9a5d2b15970a45e5201271f820fe44bfc08564282b93c4c1d6", "714f895093dbd0b5fc6eef1fbf805f6adab82e5a26abbb42fc6a2797fa138047", "878aeadd2c05b02eb2237d6e71566e07531dbf8acc03bc44a5b64ad32680c586", "8ef8bbf64fa96281aa6af918baa4758338d4433f17a547397426832482c665c6", "a4490742ab32325194fe021d29df0477bdff1c9ec81255f4af3f0a4c0e222733", "a4a218954f8478525b7de65b92805bf29bc7dc33d2e24a246d4509d4df6ecaa6", "bffc6a91428c4d3ee1d3a31dc6d39dfc4dc95845bf91479d3c35f3c0be31b717", "db9705934e371598a759283c5b942d39a43bc67a43d80792134f36e1429feed0", "df84a3d471d0e3a6aad534921206f34ad02a220d7cdc6b7b7f17bb04d1582856", "f468e7af983336aa89f747ab90d04a2169439e76b8bd82903013953d14f1e2e3", "f6e73830aa6bd7632e0f3fb6fb3ea93ce01b122267db87f65354b41b9994fe1a", "fbdd66bf4b4f90908f164798aa0196b2ce2c06b6864ea516da975d841fc007b3"], "name": "{24d07012-9955-711c-e323-1079ebcbe1f4}"}], "registry": []}, "reports_count": 23}, "Win.Packed.Dridex-9831573-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "hook-installed", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "artifact-windows-task", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0005", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0040", "T1529"]}, {"bi": "pe-header-timestamp-null", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "malware-dridex-detected", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": []}, {"bi": "possible-dga-communication", "hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d"], "mitre_attack_tags": ["TA0011", "T1568"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that steals credentials and other sensitive information from an infected machine.", "hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "iocs": {"domain": [{"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "host": "pastebin[.]com"}, {"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "host": "w[.]google[.]com"}, {"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "host": "www3[.]l[.]google[.]com"}, {"hashes": ["2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874"], "host": "www[.]nifrdvobhd[.]com"}, {"hashes": ["6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc"], "host": "www[.]iywhpbgr3g[.]com"}, {"hashes": ["3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874"], "host": "www[.]gv9wsvkwyy[.]com"}, {"hashes": ["6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc"], "host": "www[.]alttykgp11[.]com"}, {"hashes": ["3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874"], "host": "www[.]a2mmxwlxvz[.]com"}, {"hashes": ["6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc"], "host": "www[.]5gfm7hi7qd[.]com"}, {"hashes": ["3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874"], "host": "www[.]buwejlpp0d[.]com"}, {"hashes": ["6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc"], "host": "www[.]suetin4khr[.]com"}, {"hashes": ["3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874"], "host": "www[.]ek6pnnamyz[.]com"}, {"hashes": ["6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc"], "host": "www[.]hywh1moi2j[.]com"}, {"hashes": ["99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7"], "host": "www[.]mbvakzylhn[.]com"}, {"hashes": ["99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7"], "host": "www[.]vvubjb0gdm[.]com"}, {"hashes": ["99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7"], "host": "www[.]hy9omntzcm[.]com"}, {"hashes": ["99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7"], "host": "www[.]8oneeswa1v[.]com"}, {"hashes": ["99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7"], "host": "www[.]tayjwmhzgx[.]com"}, {"hashes": ["99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7"], "host": "www[.]q4szrjzmhc[.]com"}, {"hashes": ["99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7"], "host": "www[.]u7ols5b564[.]com"}, {"hashes": ["99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7"], "host": "www[.]vich2cbkdj[.]com"}, {"hashes": ["99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5"], "host": "www[.]vphejtfpjx[.]com"}, {"hashes": ["9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c"], "host": "www[.]ad5tchrpeq[.]com"}, {"hashes": ["9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c"], "host": "www[.]apwsoxia3m[.]com"}, {"hashes": ["9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c"], "host": "www[.]dm5vypet2p[.]com"}, {"hashes": ["9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c"], "host": "www[.]g5t7wylct1[.]com"}, {"hashes": ["9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c"], "host": "www[.]pmlme8dqgm[.]com"}, {"hashes": ["9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c"], "host": "www[.]mnv9vgself[.]com"}, {"hashes": ["9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c"], "host": "www[.]8vymry2546[.]com"}, {"hashes": ["9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c"], "host": "www[.]oxmfbm30vk[.]com"}, {"hashes": ["ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "www[.]ajgeggfb89[.]com"}, {"hashes": ["ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "www[.]r1ozz1vvdj[.]com"}, {"hashes": ["ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "www[.]qova9ubmya[.]com"}, {"hashes": ["ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "www[.]je4hnyipgv[.]com"}, {"hashes": ["ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "www[.]reem3g3jyb[.]com"}, {"hashes": ["ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "www[.]56dkxvmzux[.]com"}, {"hashes": ["ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "www[.]tifvcuabzf[.]com"}, {"hashes": ["ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "www[.]a5ct9im703[.]com"}, {"hashes": ["ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "host": "www[.]8ztrzs7dno[.]com"}, {"hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383"], "host": "www[.]itc18pwanj[.]com"}, {"hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383"], "host": "www[.]iumzkogcqr[.]com"}, {"hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383"], "host": "www[.]u8v3oubk26[.]com"}, {"hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383"], "host": "www[.]fpabcddl9y[.]com"}, {"hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383"], "host": "www[.]xlo4igpyrw[.]com"}, {"hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383"], "host": "www[.]cka6eq9ttb[.]com"}, {"hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383"], "host": "www[.]alab4av3zv[.]com"}, {"hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383"], "host": "www[.]jw8ntxubjf[.]com"}], "file": [{"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "path": "<malware cwd>\\old_<malware exe name> (copy)"}, {"hashes": ["9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af"], "path": "%ProgramData%\\Microsoft\\Windows\\SystemData\\S-1-5-18\\ReadOnly\\LockScreen_Z\\LockScreen___1024_0768_notdimmed.jpg (copy)"}, {"hashes": ["9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af"], "path": "%ProgramData%\\Microsoft\\Windows\\SystemData\\S-1-5-18\\ReadOnly\\LockScreen_Z\\~ockScreen___1024_0768_notdimmed.tmp"}], "ip": [{"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "ip": "172[.]217[.]11[.]46"}, {"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "ip": "173[.]194[.]175[.]138/31"}, {"hashes": ["2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "ip": "173[.]194[.]175[.]102"}, {"hashes": ["2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c"], "ip": "23[.]3[.]13[.]154"}, {"hashes": ["28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163"], "ip": "173[.]194[.]175[.]100/31"}, {"hashes": ["a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8"], "ip": "173[.]194[.]175[.]113"}, {"hashes": ["862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6"], "ip": "172[.]217[.]11[.]14"}, {"hashes": ["9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c"], "ip": "205[.]185[.]216[.]42"}], "mutex": [{"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "name": "<random, matching [A-Z0-9]{10}>"}], "registry": [{"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["05d060844cfad849625b3d81e929caa570c382d86dbaa7b103f5b383774ddaba", "0894dbd6a9e65e5599d0d8faac3cc1b9c8263982f6dbb3ca779744c07fe13383", "1064f656c6db7845c5a8376c0806facb68876a0d1db22bddf513d450e7186551", "28cf65cc0b12e91dc2dfe762b953ec40dbce2f9599202c3ea78bd5c717fef727", "2a0ee20d9da36fc9224549fe6cd28a48925b10e224c937ea9405dc1a964b886d", "3924a67ebb6d966ec2d5fc3a4d69c91903365d4254d22cb57b3d2a129674d1aa", "3ed4dec2e8102f833c378581bb2647a4f3350637c1a76e3c97210a59c2a28874", "5e6a5012da6d259bf27f80fce6f585404a8b7d251df77dc8487a4149bc7f73b8", "6b3bc26e0397baf1040e6bb909ea6881fdaf8241c3377d1034d2ea941234eccc", "862239dbbff81e50e58238e5f17e27a7053b4610b7661f1f3498d755d8ecbe36", "9126101067461824beed8d288d53f90a3c93967f4bcf6cbea5104df7e29b055c", "99da867bce6ba87309a9cac10625cfd659e6b6726964556a589e25d7703ffdb7", "99e0cc28031e84d120839d65bf39ce43a91e4cde2f41cf9796e5ea2dabec0ec5", "9d725825572aa379424931b9d5ad2bcac275b9704d36375ab366fbabc02b00a6", "a4d8a644f002245879ae438cb7589b1e542997024a5d1254ac17a35f842a051c", "bab24cf9200dffb3096655b2296548a90b767180d0543880966c195070f36163", "d4eee9764c67a0ee51c8b18494ed900bdd0084883da2078edf772916625a26af", "e419d6565615a8a0cd2b1abba7a7496ad9a54e07f0cbe692c589fd7dd832738c", "ebf66bf4419783bcbc79de9cbfc6cac271a3b70318064c0f9eb3d37b38b22e37", "f5dcc604286b119640c7273d63bb60c681829f5c714c6940f73aa6913ee94394"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}]}, "reports_count": 20}, "Win.Packed.RedLine-9831330-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "8bc9c34c4795259ec849342ef090ff6afe98386cf8f3e178090462ea2e9222a3", "9f53624e3d08ef50e14c5761553d0f90d1203f69ba5674c35b309e285980c811", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d", "6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "81d268ae82f4444e0635482a5cdeb183b03a9f514815d1b37e3db42845d26391"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "8bc9c34c4795259ec849342ef090ff6afe98386cf8f3e178090462ea2e9222a3", "9f53624e3d08ef50e14c5761553d0f90d1203f69ba5674c35b309e285980c811", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d", "6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "81d268ae82f4444e0635482a5cdeb183b03a9f514815d1b37e3db42845d26391"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "8bc9c34c4795259ec849342ef090ff6afe98386cf8f3e178090462ea2e9222a3", "9f53624e3d08ef50e14c5761553d0f90d1203f69ba5674c35b309e285980c811", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d", "6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "81d268ae82f4444e0635482a5cdeb183b03a9f514815d1b37e3db42845d26391"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-dot-net", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "8bc9c34c4795259ec849342ef090ff6afe98386cf8f3e178090462ea2e9222a3", "9f53624e3d08ef50e14c5761553d0f90d1203f69ba5674c35b309e285980c811", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d", "6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "81d268ae82f4444e0635482a5cdeb183b03a9f514815d1b37e3db42845d26391"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "8bc9c34c4795259ec849342ef090ff6afe98386cf8f3e178090462ea2e9222a3", "9f53624e3d08ef50e14c5761553d0f90d1203f69ba5674c35b309e285980c811", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d", "6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "81d268ae82f4444e0635482a5cdeb183b03a9f514815d1b37e3db42845d26391"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-header-linker-major", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "8bc9c34c4795259ec849342ef090ff6afe98386cf8f3e178090462ea2e9222a3", "9f53624e3d08ef50e14c5761553d0f90d1203f69ba5674c35b309e285980c811", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d", "6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "81d268ae82f4444e0635482a5cdeb183b03a9f514815d1b37e3db42845d26391"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-future", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "8bc9c34c4795259ec849342ef090ff6afe98386cf8f3e178090462ea2e9222a3", "9f53624e3d08ef50e14c5761553d0f90d1203f69ba5674c35b309e285980c811", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d", "6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "81d268ae82f4444e0635482a5cdeb183b03a9f514815d1b37e3db42845d26391"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-fast-flux-domain", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": []}, {"bi": "whois-protocol-query", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "http-response-server-error", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2"], "mitre_attack_tags": []}, {"bi": "network-http-non-standard-port", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260"], "mitre_attack_tags": ["TA0011", "T1571"]}, {"bi": "network-http-numeric-ip", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "pe-certificate", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db"], "mitre_attack_tags": []}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552"]}, {"bi": "firefox-cookie-read", "hashes": ["99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "enumeration-vpn-program-information", "hashes": ["99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "excessive-tcp-connections", "hashes": ["8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d", "8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "network-opendns-malicious", "hashes": ["9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455"], "mitre_attack_tags": ["TA0005", "T1553"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Redline stealer is an information-stealer written in .NET and sold on hacking forums.", "hashes": ["181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db", "5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455", "81d268ae82f4444e0635482a5cdeb183b03a9f514815d1b37e3db42845d26391", "8bc9c34c4795259ec849342ef090ff6afe98386cf8f3e178090462ea2e9222a3", "8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d", "8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "9f53624e3d08ef50e14c5761553d0f90d1203f69ba5674c35b309e285980c811", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054"], "iocs": {"domain": [{"hashes": ["181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054"], "host": "api[.]ip[.]sb"}, {"hashes": ["181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054"], "host": "whois[.]arin[.]net"}, {"hashes": ["181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054"], "host": "whois[.]iana[.]org"}, {"hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da"], "host": "ianawhois[.]vip[.]icann[.]org"}, {"hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da"], "host": "api[.]ip[.]sb[.]cdn[.]cloudflare[.]net"}, {"hashes": ["8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829"], "host": "jelonaki[.]xyz"}, {"hashes": ["d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da"], "host": "ronamei[.]club"}, {"hashes": ["9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83"], "host": "kapesteis[.]xyz"}, {"hashes": ["f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054"], "host": "bilirtylo[.]xyz"}], "file": [{"hashes": ["69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}], "ip": [{"hashes": ["181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054"], "ip": "192[.]0[.]47[.]59"}, {"hashes": ["181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260"], "ip": "104[.]26[.]13[.]31"}, {"hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054"], "ip": "199[.]71[.]0[.]46"}, {"hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829", "d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da", "f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054"], "ip": "172[.]67[.]75[.]172"}, {"hashes": ["181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829"], "ip": "199[.]212[.]0[.]46"}, {"hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83"], "ip": "104[.]26[.]12[.]31"}, {"hashes": ["8d41ef2fb5dc6d40326edbc5c030442c9b405adb1dec5340a43c5a63fda16ee2", "be92ed06586b1d63cd82f3ae730ca8c99abd2a2de403b5f14094fd01ce47a1c2", "c2a7cf7be6e395d3212033cde522a314c8ab117dc279ff19b15066d14e2f7829"], "ip": "94[.]140[.]115[.]81"}, {"hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5", "99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384"], "ip": "199[.]5[.]26[.]46"}, {"hashes": ["181deb00fe0cef63aa1110722c263e33e010bef99b2239f7f3e010e4ef896ee8", "f043c533c3d2a09cbff857a3351a7c7f3938342494d73cb5c582b1a999c11260"], "ip": "86[.]105[.]252[.]119"}, {"hashes": ["d1db7d5b29bdde7c9e1e7899d1867eba946e961c95e0d9867dbbdfc63d7b81da"], "ip": "94[.]140[.]114[.]79"}, {"hashes": ["9cef12bd078776ed63eeac73915174764c331244fc79609a0b8d8a7589c09c83"], "ip": "45[.]128[.]150[.]68"}, {"hashes": ["99e8f71c4b1defd1fdad56f2b9e70578633cb2cd1901698bbadf97c1538c7384"], "ip": "194[.]33[.]45[.]208"}, {"hashes": ["9f53624e3d08ef50e14c5761553d0f90d1203f69ba5674c35b309e285980c811"], "ip": "45[.]84[.]0[.]200"}, {"hashes": ["8bc9c34c4795259ec849342ef090ff6afe98386cf8f3e178090462ea2e9222a3"], "ip": "194[.]127[.]178[.]169"}, {"hashes": ["8c89c9a094a0f0d39f2b58ba29bad8a5d2373a98cf7adf0ae8d535853005dee9"], "ip": "138[.]124[.]183[.]216"}, {"hashes": ["1f6a851e6ec58527597fa34f45bf3fb57fb792dc510dd2924223fe06767ac5db"], "ip": "45[.]33[.]89[.]196"}, {"hashes": ["81d268ae82f4444e0635482a5cdeb183b03a9f514815d1b37e3db42845d26391"], "ip": "37[.]46[.]150[.]90"}, {"hashes": ["8c0e0c1eb5b238d795ee9403e342c9b174bb3d1adefbaeec4897002bd02b5c5d"], "ip": "45[.]67[.]231[.]50"}, {"hashes": ["6c8e9ea9c67e2807cdf62f2b682bbb59038d00435c55e18a69de6ad3331e5455"], "ip": "86[.]107[.]197[.]242"}, {"hashes": ["5ed7321d0e4d7e0dbec935824a15bd6706d26e1798c8d86ac820e7632fa12af5"], "ip": "178[.]20[.]40[.]83"}, {"hashes": ["69fca12354a4e0577c699dfbf58b665f5358693660ce2cf8144b75ea08249d50"], "ip": "46[.]105[.]124[.]55"}, {"hashes": ["f89e6f2527aa365968333a01f97ba93b6d21e55375e6be255841fed0ecf67054"], "ip": "185[.]117[.]73[.]183"}], "mutex": [], "registry": []}, "reports_count": 18}, "Win.Packed.Zbot-9831585-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["a5034b998a3ca784bb40ae2e68fd958787125e39425236bc560084de8fea1313", "b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "802d71ed68832886475e48a4895e80ecee8062569fd44e5108c1009e7ff49d23", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "b8fb68f7afe9e80090cce1322883a3bd55aad07d37bf95ed785b83ed92838e8e", "49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "d81419a4214fb53636410053b1b96ad2284f3b3267bb7f6ec9be630973aa8626", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "d8db5f1daa88bd981cd63973d4722de43afb51615b549179d105ef215522c7ef", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "1fac4b4591db1bdb5233a8b21892052787ca340ab363c7c02bfb518eb53bada0", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "44aa74866216ac5fa2f6d8eac30d2f78c4d6c8403545802934ac2d310f0fc2c5", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20", "6b8eebc66bbcc0c7fb49dbeae8164b4bc9baae263bd0f814acaaf5f076e62ee5"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["a5034b998a3ca784bb40ae2e68fd958787125e39425236bc560084de8fea1313", "b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "802d71ed68832886475e48a4895e80ecee8062569fd44e5108c1009e7ff49d23", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "b8fb68f7afe9e80090cce1322883a3bd55aad07d37bf95ed785b83ed92838e8e", "49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "d81419a4214fb53636410053b1b96ad2284f3b3267bb7f6ec9be630973aa8626", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "d8db5f1daa88bd981cd63973d4722de43afb51615b549179d105ef215522c7ef", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "1fac4b4591db1bdb5233a8b21892052787ca340ab363c7c02bfb518eb53bada0", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "44aa74866216ac5fa2f6d8eac30d2f78c4d6c8403545802934ac2d310f0fc2c5", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20", "6b8eebc66bbcc0c7fb49dbeae8164b4bc9baae263bd0f814acaaf5f076e62ee5"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["a5034b998a3ca784bb40ae2e68fd958787125e39425236bc560084de8fea1313", "b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "802d71ed68832886475e48a4895e80ecee8062569fd44e5108c1009e7ff49d23", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "b8fb68f7afe9e80090cce1322883a3bd55aad07d37bf95ed785b83ed92838e8e", "49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "d81419a4214fb53636410053b1b96ad2284f3b3267bb7f6ec9be630973aa8626", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "d8db5f1daa88bd981cd63973d4722de43afb51615b549179d105ef215522c7ef", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "44aa74866216ac5fa2f6d8eac30d2f78c4d6c8403545802934ac2d310f0fc2c5", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20", "6b8eebc66bbcc0c7fb49dbeae8164b4bc9baae263bd0f814acaaf5f076e62ee5"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "pe-encrypted-section", "hashes": ["a5034b998a3ca784bb40ae2e68fd958787125e39425236bc560084de8fea1313", "b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "802d71ed68832886475e48a4895e80ecee8062569fd44e5108c1009e7ff49d23", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "b8fb68f7afe9e80090cce1322883a3bd55aad07d37bf95ed785b83ed92838e8e", "49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "d81419a4214fb53636410053b1b96ad2284f3b3267bb7f6ec9be630973aa8626", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "1fac4b4591db1bdb5233a8b21892052787ca340ab363c7c02bfb518eb53bada0", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "44aa74866216ac5fa2f6d8eac30d2f78c4d6c8403545802934ac2d310f0fc2c5", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20", "6b8eebc66bbcc0c7fb49dbeae8164b4bc9baae263bd0f814acaaf5f076e62ee5"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-modified", "hashes": ["b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "d8db5f1daa88bd981cd63973d4722de43afb51615b549179d105ef215522c7ef", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "deleted-submitted-file", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "pe-invalid-checksum", "hashes": ["a5034b998a3ca784bb40ae2e68fd958787125e39425236bc560084de8fea1313", "802d71ed68832886475e48a4895e80ecee8062569fd44e5108c1009e7ff49d23", "b8fb68f7afe9e80090cce1322883a3bd55aad07d37bf95ed785b83ed92838e8e", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "d81419a4214fb53636410053b1b96ad2284f3b3267bb7f6ec9be630973aa8626", "1fac4b4591db1bdb5233a8b21892052787ca340ab363c7c02bfb518eb53bada0", "44aa74866216ac5fa2f6d8eac30d2f78c4d6c8403545802934ac2d310f0fc2c5", "6b8eebc66bbcc0c7fb49dbeae8164b4bc9baae263bd0f814acaaf5f076e62ee5"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "modified-executable", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "network-communications-http-get", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "http-response-redirect", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "enumeration-email-program-information", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "dns-query-nxdomain", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "d8db5f1daa88bd981cd63973d4722de43afb51615b549179d105ef215522c7ef"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-fast-flux-domain", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "mitre_attack_tags": []}, {"bi": "process-requested-direct-io", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "mitre_attack_tags": ["TA0007", "TA0005", "T1120"]}, {"bi": "process-created-additional-desktop", "hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "mitre_attack_tags": ["TA0005", "T1143"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552"]}, {"bi": "artifact-windows-task", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-pony-stealer-detected", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "malware-fareit-file-activity", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "modified-file-in-system-dir", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "registry-modification-reg", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "task-ran-using-system-account", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-at", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-service-schedule-and-task-path", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "hosts-file-modification", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "feed-domain-modified-host-file", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": []}, {"bi": "cmd-exe-substr", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0005", "TA0002", "T1027", "T1059"]}, {"bi": "cmd-windows-env-vars-detected", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0005", "TA0002", "T1027", "T1059"]}, {"bi": "malware-generic-infostealer", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "files-deleted-used-batch", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "unsigned-roaming-execution", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "startup-folder-modification", "hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "hook-installed", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "listening-port-opened", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "pe-certificate", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "malware-zeus-mutex-detected", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "eml-same-sender-recipient", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "outlook-express-com-server", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0009", "TA0003", "TA0004", "T1114", "T1546"]}, {"bi": "eml-link", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "eml-mismatched-name-to-header", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "mitre_attack_tags": []}, {"bi": "artifact-pe-no-dos", "hashes": ["d8db5f1daa88bd981cd63973d4722de43afb51615b549179d105ef215522c7ef"], "mitre_attack_tags": []}, {"bi": "malware-cridex-variant-detected", "hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "url-not-found", "hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": []}, {"bi": "internet-explorer-phishing", "hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "mitre_attack_tags": ["TA0005", "T1562"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zbot, also known as Zeus, is a trojan that steals information, such as banking credentials, using methods such as key-logging and form-grabbing.", "hashes": ["1fac4b4591db1bdb5233a8b21892052787ca340ab363c7c02bfb518eb53bada0", "1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "44aa74866216ac5fa2f6d8eac30d2f78c4d6c8403545802934ac2d310f0fc2c5", "49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634", "6b8eebc66bbcc0c7fb49dbeae8164b4bc9baae263bd0f814acaaf5f076e62ee5", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11", "802d71ed68832886475e48a4895e80ecee8062569fd44e5108c1009e7ff49d23", "946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "a5034b998a3ca784bb40ae2e68fd958787125e39425236bc560084de8fea1313", "b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "b8fb68f7afe9e80090cce1322883a3bd55aad07d37bf95ed785b83ed92838e8e", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132", "d81419a4214fb53636410053b1b96ad2284f3b3267bb7f6ec9be630973aa8626", "d8db5f1daa88bd981cd63973d4722de43afb51615b549179d105ef215522c7ef", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20", "f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "iocs": {"domain": [{"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "host": "www[.]ip-address[.]org"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "host": "hlebska[.]info"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "host": "verodex[.]info"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "host": "go[.]microsoft[.]com"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "host": "www[.]microsoft[.]com"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "host": "cds[.]d2s7q6s2[.]hwcdn[.]net"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "host": "e13678[.]dscb[.]akamaiedge[.]net"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "host": "lajogrodushope[.]pl"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "host": "vitamingraphic[.]pl"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "host": "google-adsense-n1[.]com"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "host": "vizit-tracker-n192[.]com"}, {"hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "host": "dailytip4u[.]net"}, {"hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "host": "discountgoods2012[.]com"}], "file": [{"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "path": "%System32%\\drivers\\etc\\hosts"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "path": "%System32%\\Tasks\\At1"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "path": "%SystemRoot%\\Tasks\\At1.job"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "path": "%System32%\\drivers\\etc\\test"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "path": "%System32%\\drivers\\etc\\hosts.sam"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows Mail\\tmp.edb"}, {"hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\vTSVI3PG3Ts.exe"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "path": "\\svchost\\3D1A3642457.exe"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "path": "\\svchost\\95DA209CDDD9E7E"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "path": "%APPDATA%\\KB00220796.exe"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "path": "%TEMP%\\ppcrlui_624_2"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "path": "%TEMP%\\tmp2C6.tmp.gif"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "path": "%TEMP%\\tmp6332.tmp.jpg"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "path": "%TEMP%\\tmp642.tmp.gif"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "path": "%TEMP%\\tmp65DF.tmp.jpg"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "path": "%TEMP%\\tmp6AAE.tmp.jpg"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "path": "%TEMP%\\tmp6ED2.tmp.gif"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "path": "%TEMP%\\tmp718C.tmp.jpg"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "path": "%TEMP%\\tmpDD19.tmp.gif"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "path": "%TEMP%\\tmpFDAC.tmp.gif"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows Mail\\Local Folders\\Inbox\\6E59117C-00000001.eml"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "path": "%TEMP%\\5wO501C.exe"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "path": "%APPDATA%\\Ebreyn\\nuiq.ohy"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "path": "%TEMP%\\tmp6e308747.bat"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "path": "%APPDATA%\\Ygit\\pivil.exe"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "path": "%TEMP%\\tmp5D3B.tmp.jpg"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "path": "%TEMP%\\tmp5EAB.tmp.jpg"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "path": "%TEMP%\\tmp6102.tmp.jpg"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "path": "%TEMP%\\tmp633E.tmp.jpg"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "path": "%TEMP%\\tmpB4F8.tmp.gif"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "path": "%TEMP%\\tmpC8AA.tmp.gif"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "path": "%TEMP%\\tmpCDC4.tmp.gif"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "path": "%TEMP%\\tmpD140.tmp.gif"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "path": "%TEMP%\\exp4A04.tmp.bat"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "path": "%TEMP%\\tmp5CE6.tmp.jpg"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "path": "%TEMP%\\tmp5E56.tmp.jpg"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "path": "%TEMP%\\tmp60AD.tmp.jpg"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "path": "%TEMP%\\tmp62E9.tmp.gif"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "path": "%TEMP%\\tmp6709.tmp.jpg"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "path": "%TEMP%\\tmpBA7F.tmp.gif"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "path": "%TEMP%\\tmpDBB0.tmp.gif"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "path": "%TEMP%\\tmpE0CA.tmp.gif"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "path": "%TEMP%\\tmpE446.tmp.gif"}, {"hashes": ["dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "path": "%TEMP%\\2014660921FdOh"}, {"hashes": ["a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c"], "path": "%TEMP%\\2014661358FdOh"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd"], "path": "%TEMP%\\2014661499FdOh"}, {"hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "path": "%TEMP%\\<random, matching [A-F0-9]{1,4}>.tmp"}], "ip": [{"hashes": ["24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3", "d8db5f1daa88bd981cd63973d4722de43afb51615b549179d105ef215522c7ef"], "ip": "209[.]85[.]229[.]104"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "ip": "85[.]25[.]136[.]14"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "ip": "205[.]185[.]216[.]10"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "ip": "23[.]193[.]42[.]12"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "ip": "23[.]56[.]9[.]181"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "123[.]49[.]61[.]59"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "59[.]90[.]221[.]6"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "81[.]255[.]83[.]189"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "203[.]217[.]147[.]52"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "188[.]40[.]0[.]138"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "211[.]191[.]168[.]98"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "41[.]168[.]5[.]140"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "207[.]182[.]144[.]115"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "200[.]169[.]13[.]84"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "83[.]238[.]208[.]55"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "219[.]255[.]134[.]110"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "61[.]7[.]235[.]35"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "210[.]56[.]23[.]100"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "ip": "58[.]68[.]2[.]214"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "ip": "91[.]220[.]35[.]226"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "ip": "104[.]26[.]6[.]125"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "ip": "104[.]26[.]7[.]125"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "ip": "172[.]67[.]70[.]48"}], "mutex": [{"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "name": "Global\\Instance0:  ESENT Performance Data Schema Version 85"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "name": "Local\\Identity CRL v1 File Access"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "name": "Local\\OutlookExpress_InstanceMutex_101897"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "name": "Local\\microsoft_thor_folder_notifyinfo_mutex"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "name": "zXeRY3a_PtW|00000000"}, {"hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "name": "Global\\GSA28593KFE7A535493E02180280"}, {"hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "name": "bktrue"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "name": "Global\\svchost"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "name": "Global\\svchosu"}, {"hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "name": "kp_svc_mt"}, {"hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "name": "Global\\GSA28593KFE72F0C7972535D8623"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMQ562D9521"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMR562D9521"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMS562D9521"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMR9A1177EC"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMS9A1177EC"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMQ9A1177EC"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMI0000056C"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMM0000056C"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMM00000868"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMI00000868"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMM00000D5C"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMI00000D5C"}, {"hashes": ["49f394ae29f30d5fb925c6f971e85474dcc2dae1c4e57cb576d6785648f0b634"], "name": "Global\\GSA28593KFE72F0C7972A780218C"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "name": "Local\\MSCTF.Asm.Mutex{2CA63007-19D4-46d1-A14A-CD1AAAFF9D6B}1"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "name": "Local\\MSCTF.CtfMonitorInstMutex{2CA63007-19D4-46d1-A14A-CD1AAAFF9D6B}1"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "name": "Global\\IOyOASYqUi1K7KQG7Oiwc3ASWyiwSO"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "name": "Global\\UAwKYIyYUSOKKQOKC9M1KYuK1IGEc"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMI00000554"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "name": "Local\\MSCTF.Asm.MutexAA5E95B36788581"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMM00000554"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "name": "Local\\MSCTF.CtfMonitorInstMutexAA5E95B36788581"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMI00000334"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMM00000334"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "name": "Local\\MSCTF.Asm.Mutex981364D4-E08C-4359-B10C-EF5062D6F34C1"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "name": "Local\\MSCTF.CtfMonitorInstMutex981364D4-E08C-4359-B10C-EF5062D6F34C1"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "name": "Global\\PLFH8UM347KW2IEC711HOUiFb75INP"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMM00000484"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMM00000D6C"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMI00000A20"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMI000005D4"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMM000005D4"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMM00000A20"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMI00000484"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "name": "Local\\XMI00000D6C"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "name": "GLOBAL\\{<random GUID>}"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "name": "Local\\{<random GUID>}"}], "registry": [{"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": null}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER", "value_name": "PendingFileRenameOperations"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCHEDULE", "value_name": "NextAtJobId"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Update"}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b", "6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f", "6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Update"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd", "a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c", "dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041", "c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["24fed6c38a9824901b6bdd426da7b8af3a8e4a0fe20ecc9dc0413dc0456fa653", "b3f9f02ebe8616873663c36216eb7dfb94c28348aed8bfd4b12e30dfb21ceda3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "GoogleChrome"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\MAIL", "value_name": "Safe Attachments"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\MAIL", "value_name": "Secure Safe Attachments"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IAM", "value_name": "Default News Account"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\MAIL", "value_name": "Welcome Message"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL\\SAFE SENDERS LIST", "value_name": "Version"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL\\BLOCK SENDERS LIST", "value_name": "Version"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IDENTITYCRL\\DYNAMIC SALT", "value_name": "Size"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PHISHINGFILTER", "value_name": "EnabledV8"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PHISHINGFILTER", "value_name": "ShownServiceDownBalloon"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\RECOVERY", "value_name": "ClearBrowsingHistoryOnExit"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL", "value_name": null}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL\\SAFE SENDERS LIST", "value_name": null}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL\\JUNK MAIL\\BLOCK SENDERS LIST", "value_name": null}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IDENTITYCRL\\DYNAMIC SALT", "value_name": null}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL", "value_name": "V7StoreMigDone"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WAB", "value_name": "NamedPropCount"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WAB", "value_name": "NamedProps"}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT WINDOWS", "value_name": null}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "3X1U3G4C6CUF8BXVH"}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\S88802BCE", "value_name": null}, {"hashes": ["f8aa0ca5b78e08bec43cf32cfdebd205c984089aea6a8eae992ebaccc5275ed8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CCE9B1B1D", "value_name": null}, {"hashes": ["d8db5f1daa88bd981cd63973d4722de43afb51615b549179d105ef215522c7ef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": ""}, {"hashes": ["3e92f3554be2a8680a7cae2efd2c20fee0b1d6db484641254d478b8ded04721b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER", "value_name": "948A15A08"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Uniwryohux"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\VYEP", "value_name": "Fuansakia"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MAIL", "value_name": "LastBackup"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IDENTITYCRL\\DYNAMIC SALT", "value_name": "Value"}, {"hashes": ["c8d08659829ab60140d245e63709e00fee646829c16e3cc41c7f5829e4cfe132"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\VYEP", "value_name": null}, {"hashes": ["1fb715b062ccf9de5c25c245bcb544533e69e5cc29637fc1ab3ba387d8783041"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT WINDOWS", "value_name": "0000027BFD85420A"}, {"hashes": ["6f37f97fb5191a3c8620809aae280918eb71e626294fb8a7e7af28f5d962ba11"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER", "value_name": "FAFE83C9"}, {"hashes": ["6dab41d09d97f620a989eef25e13b427ee8309591f396cee88f6d6c5bf0e6e4f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER", "value_name": "6D2350D"}, {"hashes": ["dcb3f43d43ea0dfea07ce6b58165e5521b50a8f19fc4a7a29c45b87302bf7d20"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2014662700"}, {"hashes": ["a34652554c569c7cc2679cff19695453ce27b6a9464876d3c07c2315af0c305c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2014663511"}, {"hashes": ["946623117b13c50185a22a63457e6b0f02abebbe7c174b343cf418e2572e7bbd"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2014663417"}]}, "reports_count": 20}, "Win.Trojan.Coinminer-9831347-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "deleted-submitted-file", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "potential-registry-persistence", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-tls-callback", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-dns-category-cryptomining", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "network-snort-pua", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "new-service-launched", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "network-dns-category-harmful", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": []}, {"bi": "cryptominer-pool-contacted", "hashes": ["878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "mitre_attack_tags": ["TA0011", "T1571"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "This malware installs and executes cryptocurrency mining software. You can read more about this kind of threat on our blog https://blog.talosintelligence.com/2018/07/blocking-cryptomining.html.", "hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "iocs": {"domain": [{"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "host": "xmr[.]crypto-pool[.]fr"}], "file": [{"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "path": "%ProgramFiles(x86)%\\Baofeng\\sllyuncher.exe"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "path": "%ProgramFiles(x86)%\\Baofeng"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "path": "%ProgramFiles(x86)%\\Thunder"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "path": "%ProgramFiles(x86)%\\Thunder\\RingMet.exe"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "path": "%ProgramFiles(x86)%\\FlexNet\\sllyuncher.exe"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "path": "%ProgramFiles(x86)%\\Conexant"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "path": "%ProgramFiles(x86)%\\Conexant\\Pcee4.exe"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "path": "%ProgramFiles(x86)%\\FlexNet"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "path": "%ProgramFiles%\\Conexant\\Pcee4.exe"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "path": "%ProgramFiles%\\Thunder\\RingMet.exe"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "path": "%ProgramFiles%\\FlexNet\\sllyuncher.exe"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "path": "%ProgramFiles%\\Baofeng\\sllyuncher.exe"}], "ip": [{"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "ip": "163[.]172[.]226[.]137"}], "mutex": [], "registry": [{"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "ConnectGroup"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "Type"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "Start"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "ErrorControl"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "ImagePath"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "DisplayName"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "WOW64"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "ObjectName"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "Description"}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": null}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "ConnectGroup"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "Type"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "Start"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "ErrorControl"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "ImagePath"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "DisplayName"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "WOW64"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "ObjectName"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "Description"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": null}, {"hashes": ["7175ea1a0afcb6a2cb8dac3b7263a7aff00ebe8a9660eb482cdef57ae1aaaafd", "77975542fc965910d42d91a6f55c934127e41ba27336c5689c668d913100d575", "8cac31ffaec8f8037b3426e602554959fc49418f5c3ce8ac0c2a631848d40f1f", "99e2560e63cee813f91d2da8ea85e9ce5f2b265708bcc6d205b4f874cd8533d5", "a05bef563a2ad48d1bc04c63db5f67257058dec6091f97293a4ad8c7319f9031", "bfe3f1fbf21954717866408558f9699bb53f5c2d76b5f3a8d98be1bf36b242e3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BAOFENG THUNDER", "value_name": "DeleteFiles"}, {"hashes": ["314aef8dcec3607b1fb20c0837e81df510c04e837c96590c564968030e3b0f14", "3e65e3e9ac187c93143bbf23f9a6be19aa7b110e25639fbea95effd3941c7be1", "83169da4fbd88a4bff7fafb5f6ca9be332fac5f7f5513729a3c92e11c6b5b1ed", "878ff3e9b12147e55dca4c8127b1bc66ef5c4910e3e57df7817a8ad0c02d7525", "8a42e4775338cffc0ddd990b1de70461f84368dbdefa55aa78e15f5920d55646", "da5bcde9af55cff7df417636d6fb92891c547c7c96c36f97c85546d0c74426f3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PSOTENG THUNDER", "value_name": "DeleteFiles"}]}, "reports_count": 12}, "Win.Trojan.Gh0stRAT-9831483-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "eb5ee1046215b0977f97b672bc534a144927ec1a78722716923ba973a580b03a", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "eb5ee1046215b0977f97b672bc534a144927ec1a78722716923ba973a580b03a", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "eb5ee1046215b0977f97b672bc534a144927ec1a78722716923ba973a580b03a", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "eb5ee1046215b0977f97b672bc534a144927ec1a78722716923ba973a580b03a", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-get", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "artifact-multiple-extensions", "hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-tcp-connections", "hashes": ["0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "netbios-query", "hashes": ["4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "eb5ee1046215b0977f97b672bc534a144927ec1a78722716923ba973a580b03a", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "iocs": {"domain": [{"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "www[.]w3[.]org"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "beian[.]aa2[.]cn"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "fl[.]aa2[.]cn"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "ip[.]aa2[.]cn"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "link[.]aa2[.]cn"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "pr[.]aa2[.]cn"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "site[.]aa2[.]cn"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "whois[.]aa2[.]cn"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "www[.]1182[.]org"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "www[.]aa2[.]cn"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "host": "www[.]jqgcw[.]com"}, {"hashes": ["4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a"], "host": "14[.]211[.]117[.]20"}], "file": [], "ip": [{"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "ip": "45[.]119[.]125[.]223"}, {"hashes": ["61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "ip": "47[.]111[.]82[.]157"}, {"hashes": ["4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f"], "ip": "114[.]215[.]106[.]244"}, {"hashes": ["3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80"], "ip": "121[.]41[.]79[.]140"}, {"hashes": ["5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6"], "ip": "119[.]123[.]66[.]128"}, {"hashes": ["5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03"], "ip": "219[.]235[.]4[.]247"}, {"hashes": ["c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d"], "ip": "39[.]109[.]1[.]246"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445"], "ip": "61[.]174[.]40[.]202"}, {"hashes": ["53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3"], "ip": "125[.]85[.]222[.]189"}, {"hashes": ["0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e"], "ip": "219[.]128[.]49[.]13"}, {"hashes": ["79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308"], "ip": "58[.]221[.]47[.]47"}, {"hashes": ["703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707"], "ip": "58[.]221[.]47[.]41"}, {"hashes": ["920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb"], "ip": "36[.]43[.]74[.]215"}, {"hashes": ["a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa"], "ip": "222[.]79[.]32[.]219"}, {"hashes": ["c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7"], "ip": "113[.]140[.]183[.]36"}, {"hashes": ["c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4"], "ip": "36[.]46[.]114[.]54"}], "mutex": [{"hashes": ["61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "name": "gyxin1314.xicp.net"}, {"hashes": ["5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "99d613e644d5fe25479cbaafb9c6ee8069d9d9dea7accc3b0e52ef0e2d9779b6"], "name": "aka.f3322.net"}, {"hashes": ["3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80"], "name": "121.41.79.140"}, {"hashes": ["4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f"], "name": "114.215.106.244"}, {"hashes": ["1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445"], "name": "ljwser.xicp.net"}, {"hashes": ["53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3"], "name": "125.85.222.189"}, {"hashes": ["0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e"], "name": "219.128.49.13"}, {"hashes": ["79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308"], "name": "58.221.47.47"}, {"hashes": ["4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a"], "name": "14.211.117.20\n"}, {"hashes": ["5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03"], "name": "219.235.4.247"}, {"hashes": ["703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707"], "name": "58.221.47.41"}, {"hashes": ["920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb"], "name": "36.43.74.215"}, {"hashes": ["a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa"], "name": "nt520.f3322.org"}, {"hashes": ["c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7"], "name": "113.140.183.36"}, {"hashes": ["c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d"], "name": "39.109.1.246"}, {"hashes": ["c66753583caac285cddc4b95f0c6de10f26e247701f4337d964f12cf33141ab4"], "name": "god_xinghe.f3322.org"}, {"hashes": ["4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a"], "name": "14.211.117.20 "}], "registry": [{"hashes": ["0c147c1ff5a01b15840076dd456989c4f24fad3ad48fdf52a81e84eb3b8f972e", "1780f7805fce98f8d326008ca94ccf93049b6f9d38305f842a465644de99a445", "3627de08d6cf5a29d4f0febaefc14a3b3e8dc0a16a635682f72b7f55a37cd11e", "4d0ef13738d4954bb8cd20836ad10b363850c246d3b5221718c7bd6f8e2bef5a", "4e2bb868bff36fb3d9d0ceffe12c3fdcc362f9257748ddeada03b99f34ed1168", "5225a64aa334322d25583810a1058e04cf42c9cd838f8dbd6a329c726dc93bd4", "53fa3e285e76677f4437753fec063a1de809f969fa24fcf487530b088f2a04e3", "5d83a79e065fee6bb4b846058211af7cac79340bb6dcb4fb34e905a1e1e20f03", "61c8f070b87f962fe7f5f0e644cabc67cb8dffca0fca151269f59c372c7241af", "703fe91a77ae3033cc932b978cb86e2416e1599d2917a98ab2abe5ca97faf707", "71c28258867d9c230edaa0e902bf8234a2eb807c474441c36787f1b57075ea46", "79920e494fc6048ed48f138a143374a86ef87d80ece9d6e5f840cd23ee72a308", "920abea5f82e16b1551a4c7f6d2838c1e32a0e5e135e8589df9c1788ad7241cb", "93c69d00eed5eae42dfbbbd2921e515f8b53ada99ab8475e87b6c829b8a04fcc", "a16dd5a5637af8156a47149f9369d3cc460e8c3cb8efb12d1f59a845cd4deefa", "a8be394202373fd25c484b2a558e657f663117f873859a4300be438c54f47d3f", "b8fe734b2078280277c3acf004b95be1715bbc137dba7c7f4329cfcbbe971c80", "c2defb4f50d32ea013817de59d898a37b36907ef1feb49e8f55730c7f8769c9d", "c3be0d7b79b9038c3e2ebbab79f6747240738414cc3199abed8e08b50121bbc7", "f9e11ac6a4b1a878d2dd11785773cbb2802d1ee256e5681fcd0b0f4785669881"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "SelfRunDemo"}]}, "reports_count": 23}, "Win.Virus.Xpiro-9831331-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "file-ini-read", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552"]}, {"bi": "pe-uses-dot-net", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-action-center-disabled", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-with-multiple-children", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "file-ini-modified", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0003"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-service-type-modified", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "malware-xpiro-mutex", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "registry-disable-smartscreen", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-filename-mismatch", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330"], "mitre_attack_tags": []}, {"bi": "pe-imports-virtual-disk-api-dll", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-trojan-xpiro-compound", "hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-known-trojan-av", "hashes": ["2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-uses-fromcharcode", "hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-uses-eval", "hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-massive-strings", "hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "browser-firefox-extension", "hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": ["TA0003", "T1176"]}, {"bi": "js-tostring-method-detected", "hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56"], "mitre_attack_tags": ["TA0007", "TA0009", "T1120", "T1025"]}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "3138ea9a6f4dd0b0ef40d18f8767fff51e6cdae9688e82a1301363c2febad02e", "31da071177a72a9ccdf07f1e78732d63742e6b844e9b62980a091e01c11bb776", "3200e23c51aab17a7207c91d702cf226d962da9cd291ce2d6f3a782b92aff306", "34a9f9101e65d53a4c64577e9dd498307a64c98540d289157732b9b920c12367", "3657324b45fec5bd7fdb2243764e10ead63e962f05a3f486a79315606236fb19", "38d1729929285c3d0fbf2a6795c2b2336370871b4e2944688e5e60d9a459386f", "38e3d6127997c1b4ff125ff774ec9fd9712a093052d8751014cb843b594afd5b", "394098b6cfc7307761f54ffeb799a59fe402dff1b74066321fb873b780604ec7", "3b16aa6ca6670b113317c7087df8ada74dcfc5a73dac2a0016a5470aeed54656", "406e0576d57b2051ee789ae2164467867e5ffbb40e5cd8cd7ff422aa970ce1cd", "44b0152a859d2aa8355f48f5b9bcc52c1e95fe31d22f78d2a1dcff27964562fa", "451713741aeb5e2448e7b8f43d17fb3d40476c8d02c62f2255b7c13171f762df", "454d45834f63c7af0f28982e8a67eb6e35419e8b4c384097d36b91c20bb0717c", "461ac89f9d95153923904e8ea217e88ad360de3e48e928dfc072bb1e463b0c99", "4633c5a70b6e888fe8d307f4d8dabef2cfa6a45e8cbc88c8a702bf908b8c590f", "49890ae3cec09fba87f989bd21ebba05e7c1682fa5e6a17d417c3670241f88d1", "49f7ac752c2af0d8b17d96d106e0f06a0c963b18b3cda0b8ede5967c373c25a9", "4a305f8489ec6e6fdff2dc39b0c36c70b057c9d06a2ea6e6cc9f2f55580508c4", "4adfd374596ea1938d06bd7488f6e8c27c18b8a0818fa4cab10e8cab92bbe3f1", "4c3a7d7311c60e531a3ac95a20b8af2116bd0828a8c0eca99f83965d20badf05", "4e1880dbfd6a5f91eec9f2e88f567d0c2b8700b6cda4b516cded10bc635a1dba", "4fe95e3d28f7c2218171d31500d4a34a4f596032a3550f3621a16d957fe12856", "509de1eb15676d64f6841914c4233343b0a546c98f6e3998958aed9a0397cf5d", "55cb9dc54279d7bcbdec31da6e6af19372f59b21919c2f3aa1e00c28d5d6c109", "563b29a84f595a0f91ea9b1cbe7ba7b374dd109e713c7519f00a7d889b35606c", "583d472d5beac7a2091bb17d0f1bc7cda5b828cc7e0f2cfd6c39f31edfa8ca44", "593c6f33f100096718367a59628622257cfd93972f450af5858eba3d25301e80", "5fa01a914be577856ec97576c583045d478c9ee3fcd1d55843e4223242fcbc3b", "60eceb83fc85440496d31e9770dda04f887e8d1b34374ee40bbc7ea061adf551", "650f3496bf78508c7369d434ea17f0a025ebc135b428907903a07c993e4f08fe", "653cfaae6ce98eec262d48fd7859b71094c959fc71353b6a45004a80ec893418", "6aeecd93aabbaa0e91d09771e4c1d8071a63b35f734de176c0ceb465d0b58a95", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1", "6f84448a4eba4cbb69fa0ff0c73c6db30113b1429dfc02edbf70652af2fadbad", "7628c42b0556650d5177ce045eceb011e2e42a104e0fbbc7797b794a0d08b910", "781d023050105390948c90dabf179669bdf957e8d99cdd7bd9511f327200cd9a", "79f01179ce73283c502d5f694a1e400fb0876cbf98b9ec6e9afb637423f47df3", "7b11b15bf2830cf1ea948badcb6a9a47f0ddd1560845a13ec96c3b9b372f24d1", "7b34c93ed629b682ba0d504cd739d701fb61070ba34edd5526cf095384b9836d", "7b6d47008805a23741aa52dedcea279c6c820f8e8a64603c22214f212a92bfc8", "7c93abdfb14a4456a99323b2f1bd45dbf6d184a4065d3951384e1a7bf6f3de5c", "7cf5b42764c651f6ebfdd125e9c25e7033b2a8346e9192f505fcf0f7cb91a7cb", "7ed5b7b83fc057df6344c75830c3e04d2dba9e002a94f59cb3a254df3d49deb3", "84d11dbc7f386cdc1ab10c0f063f5fba36a8c02ec5ce2ac44a2ab9d1210ea793", "87e96a47279a67b3b8bfac992fc1bdcde25040856e48cac54d78ec4c8172bbfe", "886131d440de6abc324ebc4679307bb0815422172bf2f6c5ae159aa2b166027b", "88aeff002919da44fffc0a1ff19f42efbddfb54b2f6e579b535671796f5f533e", "8b40fe223fe9ee4ecc76bbd28bdf89f7dbc601623fe9f18139af1560e8023235", "8b81c7051a5bad094a8f5b2c7ffc336d0801deda605661e77e28e8890a592967", "8cb47b583dfec2862d5bc20617c53f1ddd63957f99173627f2a760e19614c8ff", "8e6c2e6a10e83e9cca53cf693b7aad4f6006b0f5c2cd982fced741d5af30839e", "90b31324b358e472088e69e064206d6d676df6469076756b813aa64b8199842a", "92fd86b52bb8a971afe90f68556e4160b949858249b1b3c6e5bcf4996eba7867", "94e0357fc4693a9d925888b0fa4045cf0d19a90f052349dc406b629a67166e72", "96034aab3f69a9f611860928b1af16a9e7867307c455375fa13c21e37659c86d", "964f3895baca7b154be6585c83e034895dd9681f628f7a77d7ca44028da1e4f9", "9a4cff8fc4dadf6a2ec43ee5b706b927378c0e2f12bdf3bbbdefdb2910b55eda", "9cec81ac335aa9a633374e7c2170108005ccc97e295a4e43e8fc6438f03d4a30", "9f5581e0d249f09e1d2aa9d151c0d9f13d8eb1b5571e61b64026cb0a69ca0cf9", "a017ed0cac462228a266b2baf1fb00f1dfd8108dd7cc3ff155d0cc2801c9f3c8", "a55cd777b93a654ee60d0160ff887520ca5140b4216248b271fdf43d714e2abd", "a6a6dee3d9ed43f8c0e2159f8605fd215d842dd5429ba21b0856c11df0556218", "a704eef003219f6327eee7a0d5948ef19184299cc7ada7c7078bd020c7cbbd4d", "a98f5420ca31c0233b67ae9f9946573aafa2c16e1471e8bc848cc2bcac8f6981", "ad8851c0e37c01b3c03d7b33d16fbba4aae5896e205ee28a345883f36fd92d99", "aeb590e75e6319b84054f1af8158fcb03381d91e2399a853d65b58bd62e9ebf8", "afe17b97e0a3b6450ae6f7f7a94b789557cbb35420625e58ed8be7749fd7d12c", "b4a02e244fdfc5a4a9ad38ea0eda2212381ac0c717eb04ed36b5ba02b901a5f4", "b5cedeb4a8e9baed9fde6337486f23e1e748342c7e8236803abe1a7f4bb1f74f", "b85572ed5b08241db2f98dd30e58d10833051ca081eda0f822d41254468ee69c", "bbd0781341d52ea13cb3bf59a5533ace8b6f0ac49716d8421fbfd1b92eb3585d", "bd0191c3ba8636f437f31b413a856fa479ee31164d862dce011b35548ac00e7b", "bf73cd77fe6400c638cf3918cec682383c8e61ab35a9210a6b404ec47efc5629", "bf8877c90009629104a9a66e6e6247f9574482a6ee7f5db6c6302bdbfa3d07c3", "c36726034fa6ee7b75076255a2b7081134c95aa958b8871dbeafafa7ed6c2479", "c5ff137eab9beb8dd6af79d66e90739306e75c6428414974e1c66e80771976ba", "c622489715bd472fb9318c0c37545c85f77fe484277bfdcc52e11ddb7c00fad5", "c62c5ed2ad0fea7ecf7258b8e62d3654a5e0df3e8a8a0600a54fc6598d63f376", "c80f68ce5c88956a10c22a136f4258caeab738810d10ddc6c87479f9f7cdca23", "c92eda52acc14701e28a2565b5aef4fcb556aedf5faa113e498f4a36eb24bdf7", "cd15c50bd99467974239e99153324f84d1527de7dcb242c5c4d0c175926a2e9b", "dc19acde68acb0581e375cb07e679e5b60f3d4beab3d776902f2a770eda41c81", "e1b930a7dfa479205ac6118978125c255252ad7e017a6a1f9305cd0633fb03e6", "e27dc378b9ad90f7949d9b37324ede109de6e8136efacd0f0f0ba3d0d3b8f009", "e4950515a2dcf7b85dcdeb5f134fe95365c4fe533dff6262ab297fc1924411ad", "e50581cfdd2751c828546710e7eda3df2f525df9f3271faffbbdbc8a8f5ae2dc", "e71c7fe429b4338e1dec5f987793be1f4fca174e777fb42f3ea910852acff35e", "eb2b60394da9bf5bc44b27868ff7c355a5f000b8f8c441d43363128049657720", "f2e6de13577e4b7d5a8fe2af25522ba8be53e3986962aad1b7f81f6fa0380e26", "f5b56e3d2e9d3f62771494a9f9cfe87fb5d0a1998f6620ce981eac766aff942c", "f7300a3f5b3842209e8ee263f866c2f5b3e63b37bd9e5bc40de623b560d3a806", "f80f94e64316df73e121c4bdfc766f28affb73ebb60864753e8c1c9bbdd707bc", "f836540151deaab2c9bfe67f503c5203b9c816b23e6ae80e6741e8c9c26615cc", "fbb0c5c5f6c8536d9b91373441b66f7d3039eb94af084cd5972b17e34a0cc0b0"], "iocs": {"domain": [], "file": [{"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%CommonProgramFiles(x86)%\\microsoft shared\\Source Engine\\OSE.EXE"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Office14\\GROOVE.EXE"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles(x86)%\\Mozilla Maintenance Service\\maintenanceservice.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%SystemRoot%\\SysWOW64\\dllhost.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%SystemRoot%\\SysWOW64\\msiexec.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%SystemRoot%\\SysWOW64\\svchost.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\Internet Explorer\\iexplore.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions.sqlite.new"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\ncjookla.tmp"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\pijiegfa.tmp"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\afaqkaok.tmp"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\amhadgcp.tmp"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\Windows Media Player\\wmpnetwk.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%System32%\\FXSSVC.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%System32%\\UI0Detect.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%System32%\\ieetwcollector.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%System32%\\msdtc.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%System32%\\msiexec.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%System32%\\snmptrap.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%System32%\\wbengine.exe"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{5b6f0873-b92d-cd41-be38-201b60017637}\\chrome.manifest"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{5b6f0873-b92d-cd41-be38-201b60017637}\\chrome\\content.jar"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{5b6f0873-b92d-cd41-be38-201b60017637}\\components\\rooka.js"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{5b6f0873-b92d-cd41-be38-201b60017637}\\install.rdf"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%System32%\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%SystemRoot%\\microsoft.net\\framework\\v2.0.50727\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%SystemRoot%\\microsoft.net\\framework\\v4.0.30319\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%System32%\\sppsvc.exe"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\7-Zip\\klonohhl.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\7-Zip\\nklemblo.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\7-Zip\\nnknaeep.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%CommonProgramFiles%\\Microsoft Shared\\MSInfo\\gakpqfhp.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%CommonProgramFiles%\\Microsoft Shared\\OFFICE14\\nimidobm.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%CommonProgramFiles%\\Microsoft Shared\\VSTO\\10.0\\knqknjlo.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\akaajeom.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\eqiodbdg.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\gdaoemja.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\onakajab.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\DVD Maker\\gmoggjie.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\Internet Explorer\\emdpmifb.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\Internet Explorer\\odadaonc.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\aglddoil.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\bhlnifll.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\onnmbqjl.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\ckillgah.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\feqkbkgm.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v2.0.50727\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v4.0.30319\\<random, matching '[a-z]{8}'>.tmp"}], "ip": [], "mutex": [{"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx63"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx64"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx65"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx66"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx67"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx68"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx69"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx70"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx71"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx72"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx73"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx74"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx75"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx76"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx77"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx78"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx79"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx80"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx81"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx82"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx83"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx84"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx85"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx86"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx87"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx88"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx89"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx90"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx91"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx92"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx93"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx94"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx95"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx96"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx97"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx98"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx99"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx32"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx33"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx34"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx35"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx36"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx37"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx38"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "name": "kkq-vx_mtx39"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19"], "name": "gazavat-svc"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19"], "name": "Global\\OfficeSourceEngineMutex"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19"], "name": "gazavat-svc_31"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19"], "name": "kkq-vx_mtx1"}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19"], "name": "kkq-vx_mtx31"}], "registry": [{"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDEXECUTE\\SERVER", "value_name": ""}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDFILEEDITING\\SERVER", "value_name": ""}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL", "value_name": null}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDEXECUTE", "value_name": null}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDEXECUTE\\SERVER", "value_name": null}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDFILEEDITING", "value_name": null}, {"hashes": ["00ed7b067da4cd36d1a16fe2080c49da137783da6f238476f6f44b4ea6e54c26", "01beadb0bb93aef9b607707c60daaa37d3d8216ab2fe3ba8a9708631d62530b8", "042053d63245bf5d490650290dfc1829f0c9db8bce84dc3937a9e5b938fc159d", "05b86eeff64bfe8195093a96644f36678fd10097a447f1ef40e19535d5cf8b1f", "08ba9c3d0ef3d2013b17c5d44307541904a89deefac079c91f8e1cb420765c9c", "0b3d264167717d6d77640e61ccec3769016d6eebb644f400ce7b2e3825c51860", "0d15707febee11db830ff11cb77281206406e1badded11774b67832e13d97659", "10e360fdf96f9e3cad105e1390b5505093f51fafde790b2cd4555ddd29752f2b", "14209ffd9ec31e18565cb9c075eb4f0a134449c5dbc72c36b4bdff3e5366da93", "18e46929b95266e2424e801f840c2106271f3204d49223f4eb6f919c36a9d2e2", "198cb4877d9f2de35fa7ea8d420e78f93080df3782cf0a2afe199dbc1f43f289", "1e29ca4150e7c9b737f01d3999f0200216687adfca45623bfc4335eb018a5495", "1e80e90cefc5a4f72848d621e04c1ef7047e6390d658706d8ab00e31be0e614f", "1f5509aa35700ee4a79285a4df39de8fc83f7b715a2bc4d612e23ed95b1e6c8a", "236ec1d43899bd962f2426db70f67d4a12af659d88febcc5c4154ef68554276a", "23f251b932767402189ca60b44b1c8d34aef8aa1d0590e2af7f93fecb047f585", "252573caa7e7a333679f6dfb97ae0afbad0db7125ddeb2c1c44a9d73b4a27e56", "265ccc248b75cc2dcbf19b078672dd08e9e1670373ff45b8d8027e3cd53b4790", "2677d9e396125edbcf22045f43b2e74a6994ad409c590c6a878d09e69ca94330", "27d1a2e1067de23f95866007a72a81fd1f1909984a844d2888f07f6ee59f68fb", "2dc6f193a7c24b82ab2b0f7c82e5d66246789c67aae27e4ad194595bf82847a4", "2e414e9fc209d6f19eb28c390c45ef113c018b895c4b69852e7105df27f5bf7f", "2f1d38626740802d837b03bde0148ee0de79705c9480482bddd3f24fc406fa2d", "2f357318c8ac8f9c4332eb9845f67a9f7710f21ee955588ff6a4e899f21343ac", "2f5afeff1dbae3219c061704da87caa52626d326027b983cbd2ecb9b38ac1b19", "6b7df73d9357fa9c45a821bbcc952c561319347a5914d36a90b156610d876cc1"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\SOUNDREC\\PROTOCOL\\STDFILEEDITING\\SERVER", "value_name": null}]}, "reports_count": 26}, "exprev": [{"count": 6424, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 4990, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 1776, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 1169, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 726, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 709, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 113, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 109, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 82, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 52, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 51, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 31, "description": "Houdini/HWORM detected. This worm uses an obfuscated VBScript to drop additional malware such as njRAT.", "name": "Houdini/HWORM detected"}, {"count": 26, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 23, "description": "A site commonly used by fileless malware to download additional data has been detected. Several different families of malware have been observed using these sites to download additional stages to inject into other processes.", "name": "Possible fileless malware download"}, {"count": 17, "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", "name": "Reverse http payload detected"}, {"count": 15, "description": "A malware dropper has been detected. A dropper will download or unpack addtional malware during it's execution. A variety of techniques can be employed for the payload to gain persistence and escalate privelege if neccessary.", "name": "Malware dropper detected"}, {"count": 13, "description": "Smoke Loader has been detected. Smokeloader is used mainly to execute other malicious software, like ransomware or cryptocurrency miners. Its initial infection vector is usually an email with a malicious Microsoft Word document or delivered through an exploit kit. Smokeloader uses various plugins designed to steal data from its victims, particularly credentials stored on the system or transfered over HTTP, HTTPS, FTP, SMTP, POP3 or IMAP.", "name": "Smoke Loader detected"}, {"count": 12, "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Bluestacks adware detected"}, {"count": 11, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 8, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2021-02-19T17:24:25+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Malware.TrickBot-9831264-1", "Win.Malware.Gamarue-9831273-0", "Win.Packed.Dridex-9831573-1", "Win.Packed.RedLine-9831330-0", "Win.Virus.Xpiro-9831331-1", "Win.Packed.Zbot-9831585-0", "Win.Trojan.Coinminer-9831347-0", "Win.Malware.Zusy-9831590-0", "Win.Trojan.Gh0stRAT-9831483-1"]}