{"Win.Malware.Nymaim-9833164-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "dns-public-server-contacted", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "pe-resource-lang-russian", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "malware-nymaim-registry", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "possible-dga-communication", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-dns-safe-categories", "hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae", "027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.", "hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "iocs": {"domain": [{"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "microsoft[.]com"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "google[.]com"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "dcrrkfcuq[.]pw"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "djvxzgguj[.]pw"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "hbomnx[.]net"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "hhqpe[.]in"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "jimnouitvsah[.]in"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "nkguoc[.]pw"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "onjytulzjho[.]net"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "qfdhb[.]com"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "qkolgzehfwc[.]com"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "swhuuebusn[.]pw"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "tqlwoqyjxwhx[.]in"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "usqkmt[.]net"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "vqncbn[.]in"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "xnqtr[.]com"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "host": "ykdkhdytpcs[.]net"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "aiudzabvzp[.]in"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "bkyktgi[.]in"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "ccaqofkyvpz[.]net"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "eciimwrswhwq[.]pw"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "ecuhmpuhdoff[.]net"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "emvqxhipzz[.]net"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "ljcafafzcz[.]net"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "mlgpku[.]pw"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "puyqxgjc[.]net"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "pwnsxc[.]pw"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "suymdvx[.]com"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "ugjfdyre[.]net"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "uihwgaaks[.]com"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "yifeyxxq[.]net"}, {"hashes": ["e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8"], "host": "ynprmsb[.]pw"}], "file": [{"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "path": "%ProgramData%\\ph"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "path": "%ProgramData%\\ph\\fktiipx.ftf"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "path": "%TEMP%\\gocf.ksv"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "path": "%ProgramData%\\jzk\\icolry.ylg"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "path": "%TEMP%\\qnvgtx.eww"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "path": "%ProgramData%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "path": "%APPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "path": "%LOCALAPPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e"], "path": "%LOCALAPPDATA%\\8w9"}, {"hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e"], "path": "%APPDATA%\\akwr35"}, {"hashes": ["0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e"], "path": "%ProgramData%\\5ltk"}], "ip": [], "mutex": [{"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "name": "Local\\{0CCE1A6D-10E1-4330-6D33-59F9418C9024}"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "name": "Local\\{1181F583-B634-69BF-E703-D4756599024F}"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "name": "Local\\{180BBEAD-0447-044A-68BD-247EB6D0E352}"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "name": "Local\\{18DD7903-1E96-FEAF-92BF-014008A1248C}"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "name": "Local\\{65E26329-DE88-D536-CB3A-203091D3DF68}"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "name": "Local\\{92502033-C012-7F46-D6A8-0AC972DF6662}"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "name": "Local\\{25754F3F-7A37-56CA-31BB-3C9D33DA226B}"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "name": "Local\\{8B75523D-CAF4-D06B-A2AD-13EEF593AC52}"}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "name": "Local\\{D2CC4CCA-CB77-CF10-8293-17C78DEC853F}"}], "registry": [{"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GOCFK", "value_name": null}, {"hashes": ["027eb50a323c9a64411fa32ed72eb0a9cbefb7f0a7a7c91072c5167768543bee", "0d407e709625354e5061de9ae8d8f7d3a6de00335d2d2958e8810c7ebc298231", "17cf7375748d5b3279643a920833f0802362698e3a3f86ecdd4c647f6becd962", "29486237a4a0ae9fbaa7818ab21976338fd8e60b8cccdf5a6ed5e2a9361a2a2c", "4aa98e131fe70965a8d8ab4ad09d496b69df33ce002c118836b05b568f34de62", "5be2fc4c8d59abddd487be30063798bd4c5f13a9a5053b79faf585c60625be80", "5bec3cc7247f29d33baf13e50235787440c23f7a85a8ea39742a304b6f6e42e2", "69a26a27120e7a19d7a2de970cf2f03708748808e31fcc58165efe42f0cb6cb1", "6a952db179e898736f289a945027169d7f37aefe6301ed68820fc502e4b2acbc", "70c77ba9ffd9be299a806dd76e48ee2b07282c2d289b22e3d93c36228d50a85a", "82b42e4fe14922995be5e3c428c6472d2ce8195cb299f80804f86da0cca32e4f", "917d92b3abe443d5a30d8580c8a3f05ead1310dab993507c93f5b6f562283b5e", "96755cfa43314ea56aca17a7d626f2275244e508d79465a3955484dd14f23634", "9865853b7b72f281ce7d42970db23926395cfe246eaff9839fcde8c542497ecf", "ae181cf422359fd0f829ea1e7421557a47fbe7c2ce2b0e1c2cc5b7313914470b", "e0b2a87a77ad32ded7b8ca5f2ae3c7195bded9e525f4feb91f8e0c1b5bfa5522", "e1bd68b699bd216423adebd9df3f586cceca8f90407a633f68a21f05068ffb7c", "e236c9c2873df64284a4eae81c94a4f7de632c31236352f1e2fae4ca4a3d3fd7", "e34b945244705711e8db253bc49969b00426dd61408bd0d48c6527e23249b7c8", "e73bfb970fbfbe2ee525a381fe297353db86e28a646eb49ed5eda67e422495a6", "eb61100dd1555b46a0ffa05035231ff61c85292c327659f9a2c86db715c10d2a", "f515ddedac2d22db20265173cf39be8f486ce7fc2982c85b1b2e8d0bdf31823e", "faec5be0de3f61425f674be3fb0a1f46e6a03ade19bffd26959912b6407d9aae"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GOCFK", "value_name": "mbijg"}]}, "reports_count": 23}, "Win.Packed.CoinMiner-9833198-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-uses-dot-net", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "unsigned-roaming-execution", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-tls-callback", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "malware-trojan-coinminer-detected", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-malware", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "cryptonight-library-detected", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "pe-header-linker-major", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-get", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-http-blank-user-agent", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "process-hollowing-detected", "hashes": ["0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "nginx-webserver-detected", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "This malware installs and executes cryptocurrency mining software. You can read more about this kind of threat on our blog https://blog.talosintelligence.com/2018/07/blocking-cryptomining.html.", "hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "2d9d3d41de57c11e30964f1ebd9204ce363c42c6dbed4f53105988e32a13980f", "2f809506c3acae4ce656128890a95bc09b1ce4086aef1a35c418a4ef09096d5a", "306fecc82df47f93b483ae53d4d142ed33943f09990a07f9d4244aaf62a32f52", "314b58b1114b2947a8b550e30e7b486d1606754bbfcfea5a3a6c9be803102e6a", "31791784cc2fd94627ccb8cf7ae28b971c518196527643ee3a5e5f151b114086", "31ce2ead0440bdae8bc0883b78f7ffa47a96c08ba131f1383013faf3d838f753", "32f59ab0148a6e2bb0538b965acb8230ac5e4a5d899150d52acb6f300e479f1e", "3413237c433621d0790ff4fd0d503fdd12caffcb27f255855a12c1b831e35c07", "34fac9aacca63d2e4a05db6beb988efc6999081de4d318dc67cbaf56c5b287a0", "389e62591188ba9c3e1d1a20328ec1b1c3a0cca6bceb8c20b3593cd2ef86c935", "3b7e3f7aec3656b3d836f5daa36ae96314c49aa389dc18d14ceb97a60b5d2ceb", "3d1417524f6a7d5e54f72981ecab39a525c9228f66850d4b3717ecd1ad447999", "3e0643f48f2eb2dd486bc153ae2d4652ff02405d4a6d5fc47eb86ebfeb5058a9", "3e47ddfd350c4dc765325d12013bd54a28b9b86db419b0c23b31e40790145f13", "3e88c30267bb07c4dcc6fb285d4466c309b5be672ee1328a9332d25e488face1", "3f15519a5ebe637b6f05a7817016d8dad3ba93b999e30b93a5729cc9db816857", "4515410801c524434d7495d05d4c5421330f983de1dce0358fc4f73166286944", "4e0582331143d7d4ad33fe3d4155eb3a6079d1f8c30437416e5af90a86ad4474", "4e2e1f2eaebd3c91b81a633534eff7a407cebb150bab28261eaecbdd4e255ec8", "50f63d8ba5b27e2039b851ec1f61b85d1a46c833f9c15faaeb82f20940b2548b", "5168e138b73f3345acb3f45c452acf02b1986411a0f9d3e5d4898c5b085dcc93", "52b9d32161b98dda9133e1b8764609c50b74842317e91710b1e8387737318d62", "54375e3e1309d44a4d8efe36d8a7ab3569f71f99ea696e8eba83575f9362e636", "5c1ba3ceb164e6f09265216ed71ce8b5c1d71c20e0cf34f34559ed9423927a90", "5eac9e9830b7aa39c98e992f07e3fbc0bb897442530d1b05b0209d78876e210c", "617f2577ccc4be84e7505a1ba68b351d462b28fd3608de0bc4386e67bf164c11", "63d0a1c20b7c650807e3705d5154c8c82a53581e4720eb2df504aeff3dc2bed4", "64d28966120e3238981bf8a7ab19e90ee6b2d63c3c5dd43278f2cf458cf9a9be", "683b8608cf99ef0c9cffb9687799706bec32db42d54e3541997a9a7bbfaefefe", "6e80b6fed55fc93a754cb1785210973f02e945d81d24d36503cbbf7beb94424b", "747846d23db1de05ff211d32304396f6b60dabfe2822661d5e05e21781505c86", "75b696bf557c9c923c95ca64a7a324081d63bdaef484538a769452ff89b57afa", "75d22f7778249bce870d5b2e09ec83d8a81da93fc8832bcc269583e787675411", "79d3a43829834b65a473e9ec106a81f8a7e1a9f1b2433b1006e2bfea638e40b6", "7b1746574f60b8235bb880d27cf123b7305399b00ee47ffcc3c3b52accd050b1", "7c7f91205fa6e317a3e2c0358279241f9e287d5265db4bfbd8980f5bf2defd56", "7e6467b1ddac5f3ab0d2013aeed957d82b2693b35559fbed49a15f8d9c36283a", "7f1b7171b3c5d6ab60e36738b39d64c38d1a200b78002262b328a273fe1d0ce0", "8215669c8d802ee25d07847e03c0907d86f303cdf5fbff966dc76cc896816bb5", "826728e0de4b5dffc8dd58ed3f86aa89220e899c39ddcb9fe56b848da3639281", "82c10d51b1fab514a6f9f5681966e6f0e938d9e384232b79259024aaea908795", "85da0517dfeb036577049f4e75cc153f909e1e404797232c2f53a01c0ebbbe2c", "85f622fe52f4bee1d31ffe1d2e9967b280a57725b96b684b7c14f99e05480f76", "8a73e40f678bdf3f4f84b01933e6d4c5a0a60f511f40c4d8f8c2d5b23950b30b", "8b5be725fc3996a0e4d1dbb016e701f0dd2aa2c895eddc66c9f6ef6832863a5b", "8b974a1611d625ff9e146610eab856ce28cc17e80c7dce495ea582e8ebe51176", "94c0cf4a5c82e4a477bc23dd41da142dd7a0946d6c0700ef09cf3afc194729ae", "981663d85ddfb34a9c387dcaddb8cc1320154a865cc9ea09bdfba7e57d829ab2", "9a7da328c944a2430977dd3743509a2f3a48207b6b91cfe7c8dd431a9b68f060", "9d16e428d99f416bc1f5d0cdb53fd7614a424fc991c786702a8423dc359d9ffb", "9dc01b8a2d555cb5343854a34c23a7091ab21f08b5e32025c0f4f8ce4a331538", "a03daaf5dbda2dfb9d74706a48701e6b178bf278a0bb08e9b9cbde2d813b8ede", "a7747343291c8a2735df321194d42134f4dd5bea6a1c4addefa3909c4d20b7e4", "a9d31c421d8ae6fa91325cb03300de5d8459371672ea0bfc7f6593638d4d8a85", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452", "add7347da1fe4945829ed5900a5f4629ff4fd261a80bd66106edd20b8a5a4f0b", "ae9f21e994994c7d538df1032eb81cba7c3cbff6a76e8c15d91c8fe6f78dfa28", "b293c4b00fb9d5c382779229c7c6be0b424cfdcc927ddf8c5a19ec19f95a9904", "b37dc519c37b4e0328abc9dbfce7747c1c6d14775c1bb4821fb1659df6cee3e1", "b384bcfbb58ff02f4e1715f60662d0c4c0d1a1258417561d0e85ff9e1c0c0643", "b5b69be02e7f2ff7c3598c05ea4c8eac6126e1931c25ab15c2f5702fc1f13f2d", "b74f284f6e3b859d236b0282ea222c9f3a5fd08ad66d8710f4683acb810fa4db", "bc2886c57cefda870332e0db0cde0aa43ae6c992dc79ee645096b3466857fe26", "bd78620aa23ad357403fd8c492585b380f7786d164e6aa8cda82b0871b613f72", "bd953ea93466f310aff0f4a33736ecea1258f8b844626cc7c7236eb609c0e9ce", "bfe1f3b33a6c95a106fd65a5f99ebd929c52813c0efce904a91993e9d8e4e21d", "c4c8d5755e48b1a46b49a0f3a46721dd21dd8f829ad2770ac2a8fbc17f7f52eb", "c64649900cf3272cf0ff35d22478d6a98503f7f8787225f7eff9ca3406e80294", "c9a8e9c4e53b6fc472ed3a21752c24774e8d24b62ff22b21f6aff7be842c7bcb", "ca44a74a3b6eda2f782e0b371c120ed490b18535effbeef936ec82154ddcf7dd", "cd9fa481fefe308e84c61cdd2335806e4151803a1650679aff7d839b2a1e109e", "d1b947de48b2853f61fdb56c0f5fda51bf332d1f113a46d86918969587cde0e4", "d4e1e183fd0c81ebed6ae6e4cc465a8ae2b5a78f4a0739e2a689fb96a0f6c6e9", "d8a84d7746ac51acf88da514590115ec9abed06f8b70d58e64784a23b1245b6e", "dafb094595eda0199172e6e6f1ad61174732168835c4b563227a242595c3b755", "dba7fa4ca5932c807373f547e267a41d24700d38d20c53cf0f76619092580cb5", "dd2bc465a16fdc5ebd4536ea113cb27a36ba9c1772377770e1852361290d02ad", "ddab9ac61a01c1010edbdbacd31db2d5ff01c733fba0c3bb58aef55518c615a7", "e7e150833d2613061a2cbf863c8564320c865f43aec3928ffd76d803e33880da", "ebb27f7f89ba84d27766ed787387751a3a2f8c811f1886e60912347bf088303d", "ec0ae1e2110a65e412ef58a3051bc125b00cf2ae7959e3f02a120224d290d245", "ed43d8c55dda0af7a1b4e2cbb419a67a6217251d7dca90734640304f3a777c62", "ef46d799987df1badd644b4c9b89ee2303419b39c0ee69aeda439da98ae038bd", "f0c83a9e677cb36f9405650d1418e5bff02d660d9dbeea2f4211e8bcb7b57085", "f3d43e1d8f959cbe3daaf3ce6cc0e3cbb179b958a8ef9f7e15398fb203f68072", "f3d5427a8c5bf6e7ab2d949c5472c250b8de536767aba242cdc04f53fdb4ab5b", "f6614fd4d8b2972d1a70ebb41f7113fabb1b9299856fc89ba80aea0e2cfe90db", "f9e6bf2efb425529bd238002482811b92ceefd4aa2d6e1f0e44c2f6c512b7aed", "fba733e180d53cf66eae8e6606f6522a099ae50f8498d5bb075165c211dc2b3e", "fcc11446078fada93ccbdb75ac7d46ac196668afaae6fc9f6ee8d6e6fb19b8aa", "fe62acdc58e4d8fad8b0d33ab7dafb11c10b90ba878a2573ea9e6008337a591e"], "iocs": {"domain": [{"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "host": "icanhazip[.]com"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "host": "thesellminingpanelka[.]space"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b"], "host": "api[.]ipify[.]org"}], "file": [{"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "path": "%APPDATA%\\WinHost"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "path": "%APPDATA%\\WinHost\\.msdat"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "path": "%APPDATA%\\WinHost\\kernel.exe"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "path": "%APPDATA%\\WinHost\\syswow.exe"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "path": "%System32%\\Tasks\\UpdateWindows"}], "ip": [{"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "ip": "136[.]144[.]56[.]255"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "ip": "147[.]75[.]47[.]199"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "ip": "135[.]181[.]49[.]32"}, {"hashes": ["03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0", "064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "0a63ab3b6b1943a68da5b5edd037422fe0c7bbe646f2578b8c5affb58f9f6b22", "0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b"], "ip": "172[.]67[.]155[.]149"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8", "133900dd382c7a2159a5718a5aabf95c68fd47d77220d663ff2d48bf4d798162", "19885be40ef5a7b44b26d32d64bf4efcf9d3c5fc70c6edefd2ad40635f6d9912", "1b07efa7944cb20c5d2864a86922f48bc8548eb1168da8f6ac225afd53816e10", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf", "215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228", "ab39df8543a09d8c29eee030bb7dbad74c07c3b0b206a9d35880c4f26cf36452"], "ip": "104[.]21[.]80[.]237"}, {"hashes": ["03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e", "0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde"], "ip": "50[.]19[.]252[.]36"}, {"hashes": ["0f71d11f24c6d489ee01b40eda3d9278452b0d2ba928feb20fa1c2906270f695", "10d7b61a9abd5c49650304f5d0bb19f392e1bbe5f910d100441b8cb6f3ac1877", "1f3cc8fb5799308801f2d42a2aef65fd3edb8463d997ff55d62f40bdd7b9ebde", "2aae4aacd43eb084f256832fc79063d2f32c7b761913b98137fb35dcfe89f39b"], "ip": "23[.]21[.]76[.]253"}, {"hashes": ["15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "15ccf19e26a40e2da63e6fc533a26fa39230374ec8cc8e0898680e7539d2383f", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf"], "ip": "54[.]225[.]220[.]115"}, {"hashes": ["036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "0964b8355fa66c316052a8b1c301a7bcc71917337ff17aea4098ee0fd14bd3fa", "1f2701d2976175f9ee326c37acd01d1a639d43264002c1fc9bd33e7cf92c8aaf"], "ip": "54[.]235[.]189[.]250"}, {"hashes": ["036b8a21e359548bb8e801e61a2a563e8877c39b5e689a7e679751bcad46d477", "21c3fa1c14e8b604d2aef7f3c9037889e8dcbc8dc3a4b5f70d57da3fe6f474e9"], "ip": "54[.]225[.]66[.]103"}, {"hashes": ["15012baf2a25fbd426ced94c36175f41337b0e50128a0c5d475572e7e3c20d3b", "22b08643b67050fa5d35661cf4f52640ca54cb51f0284653f1de6ae6d78be228"], "ip": "54[.]235[.]83[.]248"}, {"hashes": ["215203c148bbf1653422a1ad3a81a28e1b0d98cd299325f8698f56e40d9274f8", "21e9b45282e01ebabd61e07cf9aa204e46e032a1d1acfb2303b8e0f670567448"], "ip": "23[.]21[.]126[.]66"}, {"hashes": ["00f589b973d9ddf0e3db6d567f77886c0e8a0ad7920f000de3f6cc3948439281", "1bc5c6fd70de7b1d23cc5092a2272e38f99deceadf0e28ee03f0035885c8d4ab"], "ip": "54[.]221[.]253[.]252"}, {"hashes": ["064e38cda346c8cfa42db4ef0a2a4c188586e8d4a303e5f97c32b42fb5482d78"], "ip": "23[.]21[.]252[.]4"}, {"hashes": ["04dc096af986a9add7a85214455d58e97a34e4bdf3dee7272c455a401e3680d0"], "ip": "54[.]235[.]142[.]93"}, {"hashes": ["2097e8760dc7d3e2a3db2dcd4731a54a49ec71671f16c0d57c0653897bb05e07"], "ip": "54[.]243[.]164[.]148"}, {"hashes": ["0f284c56661707f11c7bf248323d1699f0d3c3f747b5a720d9d2f51deae00104"], "ip": "23[.]21[.]140[.]41"}, {"hashes": ["0fb3382e2773d2c89b5df7b08f19001bc8ea66783a720118a2f317f45f460cb8"], "ip": "50[.]19[.]96[.]218"}, {"hashes": ["03addbd129b7de3d7d508d1d1b8deba6aee86127f98c4918022c9b43f78b072e"], "ip": "23[.]21[.]48[.]44"}], "mutex": [], "registry": []}, "reports_count": 26}, "Win.Packed.Dridex-9833501-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "registry-autorun-key-modified", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-null", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "malware-dridex-detected", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "hook-installed", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "artifact-windows-task", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-os-reboot-detected", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0040", "T1529"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": []}, {"bi": "possible-dga-communication", "hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b"], "mitre_attack_tags": ["TA0011", "T1568"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "a1f5a9fab6b76e924aeecd9bc2613ecd00affc79e74c61cc42e1dc6714421808", "a82d2dbbe334538a956c8de04092848e2fc58c4371efc58641c3d56d2714d99d", "b04fa8e46a1662f266ade1c776cd2207a75db8f754fa3703b76844f4248cccfe", "b2a1e7eed03c2f0c33a0d86b883c10aeca6b26fc8bc49237fba70ab6091c0ffe", "b2a20590bddbb49360a271693d125e558cd3f51d63bd4ea22eef191c438c5f44", "be58ba8a548306ccdd8881668195c511dea7a76af035b96835240d6afe857f0a", "bf5bf306b91fc24adb9dad8c4bbcb2bdd1d150b8ebeb03bbca0d65370dd0f562", "cce3197e75c83d426bf5e0da9e59226d5ddb38f480514402a4e0015cacf0a85d", "cea2ba5c27bcba0350edb5ef0185d92f306a14517b6f59c9e0e3694425ca9204", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac", "ebb4ead13a216e2bc8d8b77bae7f2572155c831f3bc5ec1d092aa40c100988dc", "ecda73de1d66af7139592541d9fba8a9f593f88897d884d4381b79bda549813b", "ecea733df52fe060e5a17cc36a3dcab7c260f95da060306b3547a26387ba1724", "ee1fb0ec951202ab5b9bfcbaf771edf1db33a2daa144f7589c146e9f8f145570", "efae561019af621526e02ad7cfb966fc982729476aca9f0e21fd1cf013b3122e", "f041d18914142ae9807f55f25ac2fa90cef4833b671dab77de619138295395c6", "f67e47015f5702b2c668e3843a79fd9390c22d1dd3b77de8198d695a2053a528", "fd782b771ffae6911fb2a5b2be4271ab988e6de4a63132511496436d08311001", "fe0d888a3d4842ec91648a390700fd54b84275b870c056a768da9539571f871f"], "iocs": {"domain": [{"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac"], "host": "pastebin[.]com"}, {"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac"], "host": "w[.]google[.]com"}, {"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "www3[.]l[.]google[.]com"}, {"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]upz7qrbwmu[.]com"}, {"hashes": ["4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]eckjconcv9[.]com"}, {"hashes": ["4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]2qpihnec9c[.]com"}, {"hashes": ["4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]pywy4qb7e8[.]com"}, {"hashes": ["4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]h1dfqgsnro[.]com"}, {"hashes": ["4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]su0tipnipi[.]com"}, {"hashes": ["4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]7br0aq6uuk[.]com"}, {"hashes": ["4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280"], "host": "www[.]kweqxn5kq0[.]com"}, {"hashes": ["4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280"], "host": "www[.]cxp0bxh0do[.]com"}, {"hashes": ["4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280"], "host": "www[.]rpucoty6ru[.]com"}, {"hashes": ["4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280"], "host": "www[.]sd2ylwl2qq[.]com"}, {"hashes": ["4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280"], "host": "www[.]k4aiunpqhu[.]com"}, {"hashes": ["4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280"], "host": "www[.]z4gzstsojt[.]com"}, {"hashes": ["430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]0lye7vcyap[.]com"}, {"hashes": ["430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]3ekqkrbab5[.]com"}, {"hashes": ["430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]brni2gfck5[.]com"}, {"hashes": ["430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]in8t4hicui[.]com"}, {"hashes": ["430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]ioxl2nqbhx[.]com"}, {"hashes": ["430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]mz2xcs9uhn[.]com"}, {"hashes": ["430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]trziicqaku[.]com"}, {"hashes": ["430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]xw3ele1l8g[.]com"}, {"hashes": ["4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada"], "host": "www[.]midhpdxadj[.]com"}, {"hashes": ["4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf"], "host": "www[.]kiuhbwf1ex[.]com"}, {"hashes": ["4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf"], "host": "www[.]ctgrns6kol[.]com"}, {"hashes": ["4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf"], "host": "www[.]q0xatnl5v7[.]com"}, {"hashes": ["4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf"], "host": "www[.]blqmrxtaqd[.]com"}, {"hashes": ["4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf"], "host": "www[.]polcncf6qq[.]com"}, {"hashes": ["3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38"], "host": "www[.]kn56uvjklj[.]com"}, {"hashes": ["3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38"], "host": "www[.]tfw3penonz[.]com"}, {"hashes": ["3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38"], "host": "www[.]fi1u8sx1kp[.]com"}, {"hashes": ["3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38"], "host": "www[.]mmeutrir5f[.]com"}, {"hashes": ["3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38"], "host": "www[.]diq4bm9add[.]com"}, {"hashes": ["3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38"], "host": "www[.]n9o1ropjb6[.]com"}, {"hashes": ["3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38"], "host": "www[.]vljsggex0w[.]com"}, {"hashes": ["3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38"], "host": "www[.]xoldxonyeu[.]com"}, {"hashes": ["9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2"], "host": "www[.]gj9auiac5q[.]com"}, {"hashes": ["9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "www[.]uwylpdghws[.]com"}, {"hashes": ["9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "www[.]gtgckjsa6m[.]com"}, {"hashes": ["9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "www[.]n7yixboudw[.]com"}, {"hashes": ["9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "www[.]knsjdqk0km[.]com"}, {"hashes": ["9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "www[.]4brftkcomy[.]com"}, {"hashes": ["9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "www[.]1uvvupqj6k[.]com"}, {"hashes": ["9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "www[.]yhjsfnkz7j[.]com"}, {"hashes": ["9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "host": "www[.]r4kdzlss5h[.]com"}], "file": [{"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "path": "<malware cwd>\\old_<malware exe name> (copy)"}, {"hashes": ["22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "path": "\\Temp\\HncDownload\\Update.log"}, {"hashes": ["22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "path": "%ProgramData%\\Microsoft\\Windows\\SystemData\\S-1-5-18\\ReadOnly\\LockScreen_Z\\LockScreen___1024_0768_notdimmed.jpg (copy)"}, {"hashes": ["22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "path": "%ProgramData%\\Microsoft\\Windows\\SystemData\\S-1-5-18\\ReadOnly\\LockScreen_Z\\~ockScreen___1024_0768_notdimmed.tmp"}], "ip": [{"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac"], "ip": "172[.]217[.]10[.]78"}, {"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "ip": "173[.]194[.]68[.]100/31"}, {"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78"], "ip": "23[.]3[.]13[.]154"}, {"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3"], "ip": "173[.]194[.]68[.]113"}, {"hashes": ["1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f"], "ip": "173[.]194[.]68[.]138/31"}, {"hashes": ["23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3"], "ip": "173[.]194[.]68[.]102"}, {"hashes": ["9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2"], "ip": "172[.]217[.]6[.]238"}], "mutex": [{"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac"], "name": "<random, matching [A-Z0-9]{10}>"}], "registry": [{"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["1630e7419f11c53228dd0686a5129ee44f6b1e6a73767f418c5a716d12a075c4", "1995d1a3435e5b7d9eb425973c2d3cb34059bcd852a4eb8748837ae706054781", "22a719fe3597d52a4ab83bd9d0be81ab84ad0fc7409338bdee9966988b572c85", "23464363cba08e27fe80216b5fd4357dcacf8a5224595e93a9140f31d5cbc566", "29c11e08afae3ab8a6a710ba9ddb9fa7ff7940b11c2b1f923a678eb751e5bd85", "2fc84c525ac1d702f88e30859959de5ca80ddf2f72dbfa05a448d66c8b753256", "353336a6c39312c51f7666cc2b3d80d1b27c239235dd2399154f193f3b2df4a1", "3aac71ff580fd15ebdaf1b23928eced0fb5af5155d94ec8c7fec5c0bfb5b5a0b", "3d8145249e8c326d93c5d41889be15281e793082cd35d54a8ca943b529ca3b38", "430a27095ef10105e48f9f28c1c4ac4071fb18f761b5d13aa96ba0cacb3ae45b", "4822a7b53c1869b43a3ebc118b43916f4f77bd03f5bdf3498b18a378f3e86803", "48c34b58244f2d1849f3f0bd00920032e968efe02c3f883151cb4aa88943117f", "4a48c638dab35fa78192f7747b068cc129da710066028c43170ae12eb460f167", "4b7722bafa8983254b2100291560bd1387e89aa098e6272fc654565a606d62cf", "513528abdc5db50033b92f9a3400e0cf9f5263e1749377f5ef0aff2e1b9b21d6", "51fa5c10aa5dc6afff5c83bae523901b4de99d3a59ed4bc9120153d6312c54b9", "5e1e4f805c3e18e77f59585774c160e27e577f993e3f89610574d47320354f3d", "6646576f008d36954245ed5bf69a3b23366f320c5d6706034d19481972d4d0f3", "6a183798948fb128face5ebf15d7dbbc39420f370905ed19293697fcf4f4e799", "6e35bbccb1acacc25c051e8776752d398fcfa99290cb3003e16ce2d447e06f4f", "7be5d5f55d1600a3a7a08d8dd4f442ad2ef6e966bf42b1294ab77dd6d0c71280", "88d28d8f8f4b4ba6592bd826e2881e243322018751e5695d841984d629d9eada", "94cbe027b84ae0c215a6b1e53874c5abbae2ad1171c67d9036d5fb3a475cd4c3", "9585d3dc928b2d61e93e2c865b2c9a91d08997d1d2d011a222259e770f3f43c2", "9a633c5cb26ec4fdda6a2291b2baa62b74c9f228a993969554a2f67d5ab6ff78", "cff6a811ddf5a35878fc58cc37c63bae6858bfa0c1d579b37e8b087dd3b005ac"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}]}, "reports_count": 26}, "Win.Packed.Tofsee-9833646-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-get", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "listening-port-opened", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-snort-protocol", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "pe-invalid-checksum", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "malware-compound-cta-activity", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-create", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "new-service-launched", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "sc-service-create-execute", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "network-communications-http-post", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "http-response-redirect", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "excessive-tcp-connections", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "network-snort-sensitive-data", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "double-url-detected", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-dns-category-file-storage", "hashes": ["d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-response-client-error", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-snort-server", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot-v2", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": []}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-flagged-vm", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-certificate", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "network-file-uploaded", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-non-standard-port", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "mitre_attack_tags": ["TA0011", "T1571"]}, {"bi": "pe-section-execute-writable", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "enumeration-browser-information", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552"]}, {"bi": "registry-autorun-key-modified", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "windows-util-schtask", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "potential-registry-persistence", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-imports-empty", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "process-with-multiple-children", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-tls-callback", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-exe", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "process-check-virtualbox", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "registry-service-type-modified", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "pe-header-subsystem", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "enumeration-bcdedit", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "windows-util-bcdedit", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "sc-service-security-descriptor-modified", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-security-descriptor-deny", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-query-txt", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-indicator-shellcode", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "url-forced-download-prompt", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-downloaded-executable", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "network-downloaded-obfuscated-executable", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0005", "TA0011", "T1027", "T1105"]}, {"bi": "network-private-ip-address", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-snort-file-generic", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "excessive-process-creates", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "network-downloaded-antivirus-flagged", "hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1"], "mitre_attack_tags": []}, {"bi": "network-dns-category-proxy", "hashes": ["c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "windows-os-reboot-detected", "hashes": ["d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a"], "mitre_attack_tags": ["TA0040", "T1529"]}, {"bi": "mbr-modified", "hashes": ["d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0040", "T1542", "T1561"]}, {"bi": "eml-mismatched-name-from-header", "hashes": ["d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "pe-filename-mismatch", "hashes": ["360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe"], "mitre_attack_tags": []}, {"bi": "network-url-tracking-service", "hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "url-not-found", "hashes": ["eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed"], "mitre_attack_tags": []}, {"bi": "network-discord-domain-detected", "hashes": ["c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-dns-category-dynamic", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-modification-reg", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": []}, {"bi": "files-created-batch", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "startup-folder-modification", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "audio-video-mutex-detected", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "sc-service-stop-windefend", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-avemaria-detected", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": []}, {"bi": "malware-avemaria-file-path-detected", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": []}, {"bi": "pe-uses-heavens-gate", "hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "suspicious-user-agent", "hashes": ["94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e"], "mitre_attack_tags": ["TA0011", "T1071"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "iocs": {"domain": [{"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "microsoft[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "www[.]amazon[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "www[.]instagram[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "host": "schema[.]org"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "host": "accounts[.]google[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "host": "drive[.]google[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "host": "mail[.]google[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "host": "maps[.]google[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "market[.]yandex[.]ru"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "host": "news[.]google[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "host": "play[.]google[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "host": "www[.]youtube[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "www[.]google[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "ip[.]pr-cy[.]hacklix[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "iv0001-npxs01001-00[.]auth[.]np[.]ac[.]playstation[.]net"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "work[.]a-poster[.]info"}, {"hashes": ["818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "z-p42-instagram[.]c10r[.]facebook[.]com"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "msdl[.]microsoft[.]com"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": ["94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "login[.]live[.]com"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "fotamene[.]com"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "pioncker[.]com"}, {"hashes": ["818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "msr[.]pool-pay[.]com"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "sndvoices[.]com"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed"], "host": "www[.]google[.]com[.]au"}, {"hashes": ["a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "api[.]ipify[.]org"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214"], "host": "myysuper[.]com"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214"], "host": "thirdptop[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "swebgames[.]site"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "translate[.]googleapis[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "clients[.]l[.]google[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "clients4[.]google[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "clients2[.]google[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "alhadithhazro[.]github[.]io"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "cdnjs[.]cloudflare[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "setbird[.]site"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "cdn[.]webrtc-experiment[.]com"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214"], "host": "2makestorage[.]com"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "host": "humisnee[.]com"}, {"hashes": ["ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "host": "www[.]google[.]co[.]uk"}], "file": [{"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "path": "%System32%\\config\\systemprofile:.repos"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437"], "path": "%System32%\\<random, matching '[a-z]{8}\\[a-z]{6,8}'>.exe (copy)"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%SystemRoot%\\Logs\\CBS\\CBS.log"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%SystemRoot%\\rss"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\Symbols"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\Symbols\\pingme.txt"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\Symbols\\winload_prod.pdb"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%System32%\\Tasks\\ScheduledUpdate"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\u20200626.exe"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\m672.exe"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\mg20201223-1.exe"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\ml20201223.exe"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\ww31.exe"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\getfp.exe"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\csrss\\updateprofile-15.exe"}, {"hashes": ["360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4"], "path": "%TEMP%\\CC4F.tmp"}, {"hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "path": "%ProgramData%:ApplicationData"}, {"hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\programs.bat"}, {"hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\programs.bat:start"}, {"hashes": ["5a308309eba7e75ef942ca1b1fd3858d475cafa2cd7c579e3a3f49043ce14cc0"], "path": "%ProgramData%\\$wz$images.exe"}, {"hashes": ["94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e"], "path": "%TEMP%\\vxsyreo.exe"}, {"hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe"], "path": "%APPDATA%\\paperships\\geo.txt"}, {"hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe"], "path": "%APPDATA%\\paperships\\noabu.exe"}, {"hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe"], "path": "%APPDATA%\\paperships\\noabud.exe"}, {"hashes": ["eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\268116370"}, {"hashes": ["eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\268116370-journal"}, {"hashes": ["eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "path": "%TEMP%\\866452937"}, {"hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "path": "%System32%\\jfkrjfp\\ehnhwhsy.exe (copy)"}], "ip": [{"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "185[.]254[.]190[.]218"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "157[.]240[.]18[.]174"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "5[.]9[.]72[.]48"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "130[.]0[.]232[.]208"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "144[.]76[.]108[.]82"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "172[.]217[.]12[.]132"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "87[.]250[.]250[.]22"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "ip": "23[.]216[.]244[.]163"}, {"hashes": ["818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "216[.]239[.]34[.]21"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "ip": "216[.]239[.]36[.]21"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "ip": "104[.]47[.]22[.]161"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "23[.]5[.]227[.]69"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "37[.]1[.]217[.]172"}, {"hashes": ["94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "163[.]172[.]32[.]74"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "ip": "23[.]10[.]134[.]216"}, {"hashes": ["818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "209[.]85[.]232[.]99"}, {"hashes": ["818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "157[.]240[.]2[.]174"}, {"hashes": ["94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "67[.]195[.]204[.]151"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "176[.]9[.]119[.]47"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "ip": "184[.]85[.]151[.]184"}, {"hashes": ["94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed"], "ip": "172[.]217[.]11[.]34/31"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "209[.]197[.]3[.]24"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "172[.]217[.]222[.]94"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "173[.]194[.]68[.]95"}, {"hashes": ["ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "ip": "27[.]86[.]106[.]68"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "172[.]67[.]222[.]187"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "172[.]67[.]168[.]157"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "104[.]21[.]21[.]231"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214"], "ip": "172[.]67[.]164[.]1"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "104[.]21[.]82[.]213"}, {"hashes": ["c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "ip": "209[.]85[.]232[.]102/31"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b"], "ip": "211[.]231[.]108[.]46/31"}, {"hashes": ["94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "66[.]218[.]87[.]15"}, {"hashes": ["b23fba78118e9face6efde8949e51525be2dce027352eeab823ebcac57cc92fe", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "208[.]95[.]112[.]1"}, {"hashes": ["c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a"], "ip": "212[.]83[.]167[.]93"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214"], "ip": "136[.]243[.]40[.]71"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214"], "ip": "172[.]67[.]176[.]246"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4"], "ip": "172[.]67[.]128[.]242"}, {"hashes": ["23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214"], "ip": "104[.]21[.]1[.]88"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4"], "ip": "104[.]21[.]26[.]241"}, {"hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "104[.]47[.]12[.]33"}, {"hashes": ["edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "ip": "104[.]111[.]99[.]5"}, {"hashes": ["818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86"], "ip": "209[.]85[.]232[.]104/31"}], "mutex": [{"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "name": "Global\\SetupLog"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "name": "Global\\ewzy5hgt3x5sof4v"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "name": "Global\\xmrigMUTEX31337"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "name": "WininetConnectionMutex"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214"], "name": "Global\\wpsSerMutex2"}, {"hashes": ["c69b9f88539107e056445c94a042726977728159b570f9a7bbda367e79a5dd8a", "d2cc7925069b06a85f93854c5c187f006f3800b7d6d4437b62842562fc45ff4a"], "name": "DNcyagdluDonKsuVmC"}, {"hashes": ["360643ca70455c23e649632316369a4f5b78d4f31079bb62ac8e31f082678ee4"], "name": "Global\\52e0e5c1-7401-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["4d3739cee22be1965a27e0a93d86f9ec687da085bda0316bc2b3d5b91dab8c66", "71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["71987716ea01b25067278eab5961dd5e5cd8fb927a808d1799d25b41b12a5978", "818c99fec2aa30a09921ccf803d9ea06a61e5ee7cb9fd08723496193913dfe86", "94aa2b152bc6fcccef890e6171571098fc13b2f4bff3c6a266c5322bdcb5cb0e", "a24e0b91c1cdb0c394ac924702a338aff81bcf2f1a043c277caea2f85cde91c1", "ba4dec73b5fe31e0558314905aed00bedda81639cc86dcfb23397a610154d437", "c85745a40df2c26178036737592f758834a02d9cd0d27b755e55576c808babed", "d250bc1a48c31bc22668874060b6bb14cffe0141fd2d24dc91abccfdcef5525b", "edbc8a3a4410e15b89475ee80910b7834483c99611ee06e8174aa47991ad91b1"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\16000009", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\12000002", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\14000006", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\16000048", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\25000020", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\22000002", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\21000001", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\11000001", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\DESCRIPTION", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\BCD00000000\\OBJECTS\\{71A3C7FC-F751-4982-AEC1-E958357E6813}\\ELEMENTS\\12000004", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMON", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMON\\SECURITY", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONFS\\SECURITY", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONPROCESSMONITOR", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONPROCESSMONITOR\\SECURITY", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "DistributorID"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SB"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Firewall"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Defender"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "FirstInstallDate"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServiceVersion"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SC"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "VC"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServersVersion"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "IsAdmin"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "AV"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CPU"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "GPU"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSCaption"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT\\CERTIFICATES\\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4", "value_name": null}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CDN"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Servers"}, {"hashes": ["1989d79448592be105ab6f1f234ea0af27c1e026aa432af52ef318796b0e8d58", "23d38422d193586d40a773cea01e9b20ad2935d94f51e036b27b9c19e63b5fb4", "5e9e1276b69aafe7717457e61f37c671f10d539ed1844462de07604fd8e6f214", "eee1c88dfa7550f80af89e0eb151d63b42e39f688a1c0e0cbabcea9b05216e89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\EB9C244087", "value_name": null}]}, "reports_count": 18}, "Win.Packed.njRAT-9833170-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0005", "T1112", "T1562"]}, {"bi": "registry-parseautoexec", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "modified-executable", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "startup-folder-modification", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "netsh-firewall-generic", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "firewall-exception-user-dir", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-trojan-njrat-registry", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "excessive-sample-duplication", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "modified-file-on-usb", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "feed-domain-rat", "hashes": ["7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": []}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "netbios-query", "hashes": ["7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-dns-safe-categories", "hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "artifact-windows-task", "hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "mitre_attack_tags": ["TA0040", "T1529"]}, {"bi": "malware-svchost-misspell", "hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "unsigned-roaming-execution", "hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-multiple-extensions", "hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "iocs": {"domain": [{"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a"], "host": "sistem1[.]gotdns[.]ch"}, {"hashes": ["be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "host": "balakis[.]ddns[.]net"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "host": "f00[.]ddns[.]net"}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "host": "hikonorz[.]no-ip[.]org"}, {"hashes": ["7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a"], "host": "vida01[.]ddns[.]net"}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "host": "litchh[.]ddns[.]net"}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "host": "spacespy[.]zapto[.]org"}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "host": "trojanoficial1936[.]ddns[.]net"}], "file": [{"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "path": "%LOCALAPPDATA%\\Microsoft\\CLR_v4.0_32\\UsageLogs\\<exe name>.log"}, {"hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "path": "\\ba4c12bee3027d94da5c81db2d196bfd.exe"}, {"hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "path": "%TEMP%\\svchost.exe"}, {"hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "path": "%TEMP%\\svchost.exe.tmp"}, {"hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ba4c12bee3027d94da5c81db2d196bfd.exe"}, {"hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "path": "E:\\ba4c12bee3027d94da5c81db2d196bfd.exe"}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "path": "%TEMP%\\ Explorer.exe"}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "path": "%TEMP%\\ Explorer.exe.tmp"}, {"hashes": ["f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\772d3e1cf411932582ba4607caf9d2f7.exe"}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "path": "%TEMP%\\server.exe"}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "path": "%TEMP%\\svhost.exe"}, {"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "path": "%TEMP%\\csrss.exe"}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "path": "%TEMP%\\server.exe.tmp"}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\babe8364d0b44de2ea6e4bcccd70281e.exe"}, {"hashes": ["f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a"], "path": "E:\\772d3e1cf411932582ba4607caf9d2f7.exe"}, {"hashes": ["f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a"], "path": "\\772d3e1cf411932582ba4607caf9d2f7.exe"}, {"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\e101a39ab5de59589562aa0ff3295ba5.exe"}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "path": "E:\\4cad00898e83b5ca86cd4000a82f9e90.exe"}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "path": "%APPDATA%\\ Explorer.exe.tmp"}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\4cad00898e83b5ca86cd4000a82f9e90.exe"}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "path": "\\4cad00898e83b5ca86cd4000a82f9e90.exe"}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "path": "%APPDATA%\\ Explorer.exe"}, {"hashes": ["dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85"], "path": "E:\\87434db012ce80357c71a896aba97c20.exe"}, {"hashes": ["dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85"], "path": "%TEMP%\\BOT-YT.exe.tmp"}, {"hashes": ["dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\87434db012ce80357c71a896aba97c20.exe"}, {"hashes": ["dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85"], "path": "\\87434db012ce80357c71a896aba97c20.exe"}, {"hashes": ["dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85"], "path": "%TEMP%\\BOT-YT.exe"}, {"hashes": ["1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7"], "path": "%TEMP%\\gif"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "path": "E:\\35d975fc8d3e0345929d3e95a8d6f4c2.exe"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "path": "%TEMP%\\ extraaaaaa.exe.tmp"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\35d975fc8d3e0345929d3e95a8d6f4c2.exe"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "path": "\\35d975fc8d3e0345929d3e95a8d6f4c2.exe"}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "path": "E:\\5e011aaca4f51544d66d9a8ebc598e98.exe"}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\5e011aaca4f51544d66d9a8ebc598e98.exe"}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "path": "\\5e011aaca4f51544d66d9a8ebc598e98.exe"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "path": "%TEMP%\\ extraaaaaa.exe"}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "path": "E:\\35d1703cd61867afaf567473dc316f87.exe"}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "path": "%TEMP%\\svhost.exe.tmp"}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\35d1703cd61867afaf567473dc316f87.exe"}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "path": "\\35d1703cd61867afaf567473dc316f87.exe"}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "path": "E:\\39b2bd9f5e47c243f7921f25608a9dc9.exe"}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "path": "%TEMP%\\StarterPvP.exe.tmp"}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\39b2bd9f5e47c243f7921f25608a9dc9.exe"}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "path": "\\39b2bd9f5e47c243f7921f25608a9dc9.exe"}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "path": "%TEMP%\\StarterPvP.exe"}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "path": "E:\\babe8364d0b44de2ea6e4bcccd70281e.exe"}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "path": "\\babe8364d0b44de2ea6e4bcccd70281e.exe"}], "ip": [{"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "ip": "23[.]3[.]13[.]154"}, {"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "ip": "191[.]251[.]55[.]8"}], "mutex": [{"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "name": "<32 random hex characters>"}, {"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "name": "Global\\c0b9ada1-72a0-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566", "1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7", "219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc", "377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a", "53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec", "c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005", "d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac", "dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85", "f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ParseAutoexec"}, {"hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ba4c12bee3027d94da5c81db2d196bfd"}, {"hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ba4c12bee3027d94da5c81db2d196bfd"}, {"hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "key": "<HKCU>\\SOFTWARE\\BA4C12BEE3027D94DA5C81DB2D196BFD", "value_name": "US"}, {"hashes": ["53866f76ec02d7b28ebe834130523393a4228ff644cb9ff4ba96c4b5f6eb7d35", "7996eb113ec08dce2dae366b5906bdc47e308e1bd3c8021c0e5e075044973d3a", "a9c4abecd7507afbf0158e074e1cb86ce4d8fe044dda116c8c8b61ef0be17b2d", "be3de999cb21edb7cc05c0c8cd9c351fe43baee6332b3cfa8e4c94bcc14f2aec"], "key": "<HKCU>\\SOFTWARE\\BA4C12BEE3027D94DA5C81DB2D196BFD", "value_name": null}, {"hashes": ["f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "key": "<HKCU>\\SOFTWARE\\772D3E1CF411932582BA4607CAF9D2F7", "value_name": "US"}, {"hashes": ["f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "772d3e1cf411932582ba4607caf9d2f7"}, {"hashes": ["f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "772d3e1cf411932582ba4607caf9d2f7"}, {"hashes": ["f27c56ad0fc37b98fc3eb8dd614d8b6dbaa7a85a70c4c12ae581b9b43b5e272a", "f76ef7de1759f6716082b5a5dec905382c9995d2d8f3f77039488df2bcc195f0"], "key": "<HKCU>\\SOFTWARE\\772D3E1CF411932582BA4607CAF9D2F7", "value_name": null}, {"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e101a39ab5de59589562aa0ff3295ba5"}, {"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e101a39ab5de59589562aa0ff3295ba5"}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "babe8364d0b44de2ea6e4bcccd70281e"}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "babe8364d0b44de2ea6e4bcccd70281e"}, {"hashes": ["1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\FILEEXTS\\OPENWITHLIST", "value_name": null}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "4cad00898e83b5ca86cd4000a82f9e90"}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "4cad00898e83b5ca86cd4000a82f9e90"}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "key": "<HKCU>\\SOFTWARE\\4CAD00898E83B5CA86CD4000A82F9E90", "value_name": null}, {"hashes": ["0db9ac0a62287da4d0b80263a45ddabc79dd3f54d6f989e89185cd63dc22e566"], "key": "<HKCU>\\SOFTWARE\\4CAD00898E83B5CA86CD4000A82F9E90", "value_name": "US"}, {"hashes": ["dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "87434db012ce80357c71a896aba97c20"}, {"hashes": ["dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "87434db012ce80357c71a896aba97c20"}, {"hashes": ["dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85"], "key": "<HKCU>\\SOFTWARE\\87434DB012CE80357C71A896ABA97C20", "value_name": null}, {"hashes": ["dbd197e117b5bab38c804eaba8b01b6618134418dffcfd63307e81dd67297b85"], "key": "<HKCU>\\SOFTWARE\\87434DB012CE80357C71A896ABA97C20", "value_name": "US"}, {"hashes": ["1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7"], "key": "<HKCU>\\SOFTWARE\\2969DBEA9B653B908B01B2012E4BC676", "value_name": null}, {"hashes": ["1032f1415153dedcd1209bdb2a83049c7af94b3c5dfaa8444a711668b44a64e7"], "key": "<HKCU>\\SOFTWARE\\2969DBEA9B653B908B01B2012E4BC676", "value_name": "US"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "35d975fc8d3e0345929d3e95a8d6f4c2"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "35d975fc8d3e0345929d3e95a8d6f4c2"}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5e011aaca4f51544d66d9a8ebc598e98"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "key": "<HKCU>\\SOFTWARE\\35D975FC8D3E0345929D3E95A8D6F4C2", "value_name": null}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5e011aaca4f51544d66d9a8ebc598e98"}, {"hashes": ["d397d4fdf0b7d492cf6ef35cbff4f597103ae38541baa9d42ab0a70e46ada8ac"], "key": "<HKCU>\\SOFTWARE\\35D975FC8D3E0345929D3E95A8D6F4C2", "value_name": "US"}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "key": "<HKCU>\\SOFTWARE\\5E011AACA4F51544D66D9A8EBC598E98", "value_name": null}, {"hashes": ["c654a3b65a1618c56ec031abba4351ce8a2e4ad588e97055f300ed8315b30005"], "key": "<HKCU>\\SOFTWARE\\5E011AACA4F51544D66D9A8EBC598E98", "value_name": "US"}, {"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "key": "<HKCU>\\SOFTWARE\\E101A39AB5DE59589562AA0FF3295BA5", "value_name": null}, {"hashes": ["9174438c87aedbe8ace4830cf495e79ac8017fac6a053be6c4a1e425c7127879"], "key": "<HKCU>\\SOFTWARE\\E101A39AB5DE59589562AA0FF3295BA5", "value_name": "US"}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "35d1703cd61867afaf567473dc316f87"}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "35d1703cd61867afaf567473dc316f87"}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "key": "<HKCU>\\SOFTWARE\\35D1703CD61867AFAF567473DC316F87", "value_name": null}, {"hashes": ["b824602e58c113b6fa3bee703b305ce7afdca6f623dfd45433f1bf91b7161f88"], "key": "<HKCU>\\SOFTWARE\\35D1703CD61867AFAF567473DC316F87", "value_name": "US"}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "39b2bd9f5e47c243f7921f25608a9dc9"}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "39b2bd9f5e47c243f7921f25608a9dc9"}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "key": "<HKCU>\\SOFTWARE\\39B2BD9F5E47C243F7921F25608A9DC9", "value_name": null}, {"hashes": ["377ee96a9cad458044adf93f4489e073498ba035225f659ceb8f454579bcf00a"], "key": "<HKCU>\\SOFTWARE\\39B2BD9F5E47C243F7921F25608A9DC9", "value_name": "US"}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "key": "<HKCU>\\SOFTWARE\\BABE8364D0B44DE2EA6E4BCCCD70281E", "value_name": null}, {"hashes": ["219067b11bde409cbfe74925bba7a4edeb737bb3e7335c944b1ddd285a8121bc"], "key": "<HKCU>\\SOFTWARE\\BABE8364D0B44DE2EA6E4BCCCD70281E", "value_name": "US"}]}, "reports_count": 15}, "Win.Ransomware.Cerber-9833115-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "02b265f4d4743586c8d060f43dac872f617bea4211979e3c4de291a1fd2dbeab", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "02b265f4d4743586c8d060f43dac872f617bea4211979e3c4de291a1fd2dbeab", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "02b265f4d4743586c8d060f43dac872f617bea4211979e3c4de291a1fd2dbeab", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "02b265f4d4743586c8d060f43dac872f617bea4211979e3c4de291a1fd2dbeab", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "02b265f4d4743586c8d060f43dac872f617bea4211979e3c4de291a1fd2dbeab", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "02b265f4d4743586c8d060f43dac872f617bea4211979e3c4de291a1fd2dbeab", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "02b265f4d4743586c8d060f43dac872f617bea4211979e3c4de291a1fd2dbeab", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "02b265f4d4743586c8d060f43dac872f617bea4211979e3c4de291a1fd2dbeab", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "compound-vb-self-delete", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "unsigned-roaming-execution", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "excessive-udp-connections", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "malware-ransomware-cerber", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "startup-folder-modification", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "startup-folder-lnk-file", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "command-deleted-shadow-copy", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": []}, {"bi": "wmic-shadowcopy-delete", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "bcdedit-disable-recovery", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "process-taskkill", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "bcdedit-ignore-failure", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "lnk-no-creation-date", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0002", "T1203"]}, {"bi": "registry-autorun-commandprocessor", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "screen-saver-modified", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "process-check-deep-freeze", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-check-analysis-tools", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-imports-virtual-disk-api-dll", "hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-with-multiple-children", "hashes": ["a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de"], "mitre_attack_tags": ["TA0005"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns, other file extensions are used.", "hashes": ["02b265f4d4743586c8d060f43dac872f617bea4211979e3c4de291a1fd2dbeab", "1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "iocs": {"domain": [], "file": [{"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}"}, {"hashes": ["29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\eventvwr.lnk"}, {"hashes": ["29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\eventvwr.exe"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66"], "path": "%System32%\\Tasks\\wimserv"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\wimserv.lnk"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\wimserv.exe"}, {"hashes": ["29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3"], "path": "%System32%\\Tasks\\eventvwr"}, {"hashes": ["86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\sdchange.lnk"}, {"hashes": ["86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\sdchange.exe"}, {"hashes": ["86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163"], "path": "%System32%\\Tasks\\sdchange"}, {"hashes": ["ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\at.lnk"}, {"hashes": ["ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\at.exe"}, {"hashes": ["ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee"], "path": "%System32%\\Tasks\\at"}, {"hashes": ["8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\fc.lnk"}, {"hashes": ["8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\fc.exe"}, {"hashes": ["8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "path": "%System32%\\Tasks\\fc"}, {"hashes": ["e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "path": "%System32%\\Tasks\\ntkrnlpa"}, {"hashes": ["e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\ntkrnlpa.lnk"}, {"hashes": ["e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\ntkrnlpa.exe"}, {"hashes": ["a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\unlodctr.lnk"}, {"hashes": ["a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\unlodctr.exe"}, {"hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\TSTheme.lnk"}, {"hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\TSTheme.exe"}, {"hashes": ["a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a"], "path": "%System32%\\Tasks\\unlodctr"}, {"hashes": ["284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\ReAgentc.lnk"}, {"hashes": ["284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\ReAgentc.exe"}, {"hashes": ["53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\WPDShextAutoplay.lnk"}, {"hashes": ["53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\WPDShextAutoplay.exe"}, {"hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522"], "path": "%System32%\\Tasks\\TSTheme"}, {"hashes": ["284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668"], "path": "%System32%\\Tasks\\ReAgentc"}, {"hashes": ["53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de"], "path": "%System32%\\Tasks\\WPDShextAutoplay"}, {"hashes": ["a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\wbengine.lnk"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\raserver.lnk"}, {"hashes": ["284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\wbadmin.lnk"}, {"hashes": ["8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\UserAccountControlSettings.lnk"}, {"hashes": ["53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PnPutil.lnk"}, {"hashes": ["86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WFS.lnk"}, {"hashes": ["284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668"], "path": "%APPDATA%\\{E54604EF-479C-998A-5968-6EF7F0120D4B}\\wbadmin.exe"}, {"hashes": ["29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ndadmin.lnk"}, {"hashes": ["29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3"], "path": "%APPDATA%\\{60757241-B567-09EE-D5DE-C1F7D49141FA}\\ndadmin.exe"}, {"hashes": ["53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de"], "path": "%APPDATA%\\{0DD643F7-FC7F-D701-F44A-02FFBD531EF7}\\PnPutil.exe"}, {"hashes": ["86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163"], "path": "%APPDATA%\\{BC3951BD-F994-230A-070B-5C0EE0A4A138}\\WFS.exe"}, {"hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PresentationSettings.lnk"}, {"hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522"], "path": "%APPDATA%\\{97A0E0EA-8785-C6D1-F2C0-830D8D0D27E6}\\PresentationSettings.exe"}, {"hashes": ["ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee"], "path": "%APPDATA%\\{1EAF8DEC-FC54-EBAE-F2C1-89C627198079}\\LaunchTM.exe"}, {"hashes": ["8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "path": "%APPDATA%\\{887170FA-92BE-4CF1-DD8F-2216FA18A319}\\UserAccountControlSettings.exe"}, {"hashes": ["a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a"], "path": "%APPDATA%\\{8B1BA67C-2042-7677-E8EC-4EF9833392FB}\\wbengine.exe"}, {"hashes": ["e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "path": "%APPDATA%\\{6599F447-DCC8-5C9A-9C51-32AABE25741F}\\fhmanagew.exe"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66"], "path": "%APPDATA%\\{4645B428-C5AA-9118-30BD-B8AFB4738A6E}\\raserver.exe"}], "ip": [{"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "ip": "85[.]93[.]0[.]0/18"}], "mutex": [{"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "name": "Frz_State"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "name": "shell.{<random GUID>}"}], "registry": [{"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "Run"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\COMMAND PROCESSOR", "value_name": "AutoRun"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "key": "<HKCU>\\PRINTERS\\DEFAULTS\\{21A3D5EE-E123-244A-98A1-8E36C26EFF6D}", "value_name": null}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "key": "<HKCU>\\PRINTERS\\DEFAULTS", "value_name": null}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "key": "<HKCU>\\PRINTERS\\DEFAULTS\\{21A3D5EE-E123-244A-98A1-8E36C26EFF6D}", "value_name": "Component_01"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66", "284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668", "29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3", "323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522", "53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de", "86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163", "8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4", "a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a", "ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee", "e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "key": "<HKCU>\\PRINTERS\\DEFAULTS\\{21A3D5EE-E123-244A-98A1-8E36C26EFF6D}", "value_name": "Component_00"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wimserv"}, {"hashes": ["1c0afc71808c9204a208791841e9f2fedf7a15f2d262d87cf270729d351e6a66"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wimserv"}, {"hashes": ["e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ntkrnlpa"}, {"hashes": ["e126e3d595ed5fb389aad77a378cbbff627875efccde879ceb2f69466a6338de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "ntkrnlpa"}, {"hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "TSTheme"}, {"hashes": ["323e92297b154f1877a7f3980d18de98bc8e1fdfcd92339c3f706d0284abb522"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "TSTheme"}, {"hashes": ["29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "eventvwr"}, {"hashes": ["29e31b81930067f1ee57a9331217a21264c4717e15f272ae60de56451ae7f6b3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "eventvwr"}, {"hashes": ["8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fc"}, {"hashes": ["8af81aeaf846f4a71085ed1abf063b8e8b4ff87b10805cdb703850954fd58cd4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "fc"}, {"hashes": ["ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "at"}, {"hashes": ["ceec5ccdf87cd9d1a986798a26fdf602331ab552c0d12279e60d1984e503d2ee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "at"}, {"hashes": ["284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ReAgentc"}, {"hashes": ["284dae8aa042a069dd0f8b3f2b802566e528bb28e7483c91e7fe414619807668"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "ReAgentc"}, {"hashes": ["86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "sdchange"}, {"hashes": ["86530bf646068f707f799a8a5422e5e5468d18df117cf02cd9e8b5f69a22d163"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "sdchange"}, {"hashes": ["a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "unlodctr"}, {"hashes": ["a0b463ad143af62657991abed04c6e1e652aacd83597b1ffd1ccd601a761ef4a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "unlodctr"}, {"hashes": ["53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WPDShextAutoplay"}, {"hashes": ["53003b37fae55889b7a594122def69c18e0668999939586cbad9e1850ab684de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "WPDShextAutoplay"}]}, "reports_count": 11}, "Win.Ransomware.Kovter-9833136-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "wmi-process-create", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "TA0002", "T1218", "T1047"]}, {"bi": "process-long-cmdline", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "compound-vb-self-delete", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "excessive-tcp-connections", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "potential-registry-script-execution", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "powershell-invoke-expression-environment", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": []}, {"bi": "powershell-invoke-expression", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "process-hollowing-detected", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "process-check-virtualbox", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-kovter-registry", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "registry-script-detected", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "TA0002", "T1112", "T1059"]}, {"bi": "process-mshta-cmdline-script", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "T1218"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "mshta-in-registry", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0005", "T1112", "T1218"]}, {"bi": "network-file-uploaded", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-numeric-ip", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-private-ip-address", "hashes": ["b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "http-response-client-error", "hashes": ["b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218"], "mitre_attack_tags": []}, {"bi": "html-phishing-page", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974"], "mitre_attack_tags": ["TA0001", "TA0005", "TA0003", "TA0004", "T1189", "T1078"]}, {"bi": "html-email-login-page", "hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974"], "mitre_attack_tags": ["TA0007", "T1087"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da"], "mitre_attack_tags": []}, {"bi": "html-phishing-redirect-with-suspicious-title", "hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-av-strings", "hashes": ["e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "http-response-server-error", "hashes": ["ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992"], "mitre_attack_tags": []}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.", "hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "iocs": {"domain": [{"hashes": ["8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218"], "host": "www[.]baidu[.]com"}, {"hashes": ["8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218"], "host": "www[.]wshifen[.]com"}, {"hashes": ["b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49"], "host": "cp[.]aliyun[.]com"}, {"hashes": ["b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49"], "host": "netcn[.]console[.]aliyun[.]com"}, {"hashes": ["81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974"], "host": "www[.]altn[.]com"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da"], "host": "jordandevolder[.]freeboxos[.]fr"}], "file": [], "ip": [{"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "39[.]41[.]74[.]205"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "77[.]202[.]113[.]6"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "89[.]101[.]88[.]42"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "97[.]20[.]114[.]223"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "62[.]28[.]76[.]51"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "88[.]141[.]17[.]182"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "137[.]198[.]55[.]19"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "21[.]156[.]102[.]3"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "158[.]15[.]118[.]150"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "12[.]58[.]62[.]253"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "137[.]235[.]50[.]180"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "82[.]91[.]169[.]186"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "196[.]148[.]247[.]198"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "105[.]69[.]77[.]222"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "114[.]126[.]180[.]231"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "151[.]145[.]81[.]78"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "23[.]244[.]235[.]167"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "130[.]245[.]123[.]90"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "164[.]226[.]36[.]205"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "171[.]174[.]77[.]112"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "191[.]8[.]153[.]111"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "63[.]31[.]92[.]80"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "160[.]37[.]10[.]183"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "51[.]25[.]1[.]206"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "142[.]154[.]222[.]111"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "192[.]220[.]198[.]122"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "69[.]248[.]253[.]104"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "149[.]126[.]50[.]79"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "190[.]15[.]248[.]129"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "144[.]121[.]130[.]246"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "46[.]161[.]194[.]193"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "173[.]91[.]2[.]60"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "33[.]150[.]164[.]119"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "1[.]66[.]11[.]216"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "33[.]232[.]169[.]204"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "74[.]32[.]112[.]135"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "46[.]18[.]237[.]175"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "52[.]223[.]159[.]32"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "22[.]165[.]34[.]216"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "9[.]49[.]241[.]243"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "58[.]215[.]132[.]161"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "207[.]14[.]148[.]176"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "64[.]145[.]73[.]130"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "110[.]219[.]140[.]27"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "132[.]69[.]120[.]138"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "193[.]39[.]219[.]161"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "18[.]167[.]250[.]22"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "101[.]95[.]213[.]76"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "84[.]74[.]136[.]137"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "ip": "33[.]65[.]137[.]230"}], "mutex": [{"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "name": "EA4EC370D1E573DA"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "name": "A83BAA13F950654C"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "name": "Global\\7A7146875A8CDE1E"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "name": "B3E8F6F86CDD9D8B"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "name": "563CCFFF6B36C3AB"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "name": "2070A5364843D9D3"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "name": "Global\\B2A01B9EB1B404AD"}], "registry": [{"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\3A91C13AB1", "value_name": "96f717b3"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\3A91C13AB1", "value_name": "96f717b3"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\3A91C13AB1", "value_name": "656f27d6"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\3A91C13AB1", "value_name": "656f27d6"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\3A91C13AB1", "value_name": null}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\3A91C13AB1", "value_name": null}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\3A91C13AB1", "value_name": "ffcfae7b"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\3A91C13AB1", "value_name": "ffcfae7b"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\3A91C13AB1", "value_name": "78758f10"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\3A91C13AB1", "value_name": "78758f10"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\3A91C13AB1", "value_name": "c3ab6058"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\3A91C13AB1", "value_name": "c3ab6058"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u00008567f942"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "\u0000e7ec9eed"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "4647c95a77f8dd9ee11e19fc7acd6bbf7d0e2d28a4cc5567f303b41302a57ab8", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u00008567f942"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\3A91C13AB1", "value_name": "01b2a448"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da", "29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543", "48d95eb09f9056d00be35f7971ecc98df7ea73ed60afaf83b1985f3033154b20", "808e091ab01acfaa9e3b06eb71cea6ee080bfa341e6bccaa6e279c9256fe87cc", "81f0391485f1fb1f01ae93b273afba5ad96453cabc5e3b76de2263896b093974", "8deb937eb197eb8de2075272b4337e5f211cb0f175d84b938b9a3e532de25218", "b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49", "e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025", "ebf58d601873b6d4ca516bf6a607f7cd6edf6074e4be0677c89aa941beb16992", "ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKCU>\\SOFTWARE\\3A91C13AB1", "value_name": "01b2a448"}, {"hashes": ["29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\174127A8DFD6952D52", "value_name": null}, {"hashes": ["29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\JHJONDY", "value_name": null}, {"hashes": ["29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\174127A8DFD6952D52", "value_name": "B42C88BB01CDD16F"}, {"hashes": ["e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\8GKWUD", "value_name": null}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\561EC6ADC413F2A2", "value_name": "5CF9C6E1F1FDEEC2"}, {"hashes": ["e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\F0C8D039DD17EFF1753D", "value_name": "383431C4D3EA72E1"}, {"hashes": ["29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\JHJONDY", "value_name": "K6KQfjcE"}, {"hashes": ["29e136e598502f9e97562e922ef3b229e5853398c73fd8520afd61e816368543"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\JHJONDY", "value_name": "oq5SCUjCtG"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\IKXBZOS", "value_name": "zOD4Q6W"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\4ADCD5DA62B73EE07A89", "value_name": null}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\CG1MESASIE", "value_name": null}, {"hashes": ["e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\8GKWUD", "value_name": "cN6M1jfXA"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\4ADCD5DA62B73EE07A89", "value_name": "722A08FB40BB765A76"}, {"hashes": ["05a177654f44ee39d7b1ff4dad3ba33ab486d49a958a3d472e0c135692d725da"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\IKXBZOS", "value_name": "TOGexzzSo"}, {"hashes": ["e07241141e556c7b56f792c8956b171dd74c462593d9c64b937bb6382427f88c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\8GKWUD", "value_name": "Ys4KSeuJj"}, {"hashes": ["e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\CDD1A24A760D5D4FB", "value_name": null}, {"hashes": ["e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PEUR2QQ", "value_name": null}, {"hashes": ["e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\CDD1A24A760D5D4FB", "value_name": "5F63ECEAF257B9D3C47"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\CG1MESASIE", "value_name": "HN4sOPA"}, {"hashes": ["ec973dc07054ca2d243b516dde72172d162726f517c5c4f837ca6a72eeb2230d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\CG1MESASIE", "value_name": "4hZ6LCiD"}, {"hashes": ["e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PEUR2QQ", "value_name": "P7W4pa6"}, {"hashes": ["e56419521157bd1339e2e002d9a1d265d85676196960cd03abc9234e0fd93025"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PEUR2QQ", "value_name": "JtFWHxlew"}, {"hashes": ["b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\D512E07C0A2180C1", "value_name": null}, {"hashes": ["b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PKM8BDY", "value_name": null}, {"hashes": ["b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\D512E07C0A2180C1", "value_name": "53418A324786EEE6"}, {"hashes": ["b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PKM8BDY", "value_name": "nQnH3pAW"}, {"hashes": ["b29bf4f0b5db1ac2e5c3ea5876054cb46695c10ba0dbfbb2243adf1799cd9f49"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PKM8BDY", "value_name": "KN6N9jd0tu"}]}, "reports_count": 12}, "Win.Trojan.Remcos-9835338-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "422cc4ab46ac67030dcf4da2b6211913c55dbc51962f578a6419ea52417db806", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "4a2f8900f2a6f2f2b06ab5fe12cb39bfa77be36739b4c59e6d8a7706c2262f4e", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "422cc4ab46ac67030dcf4da2b6211913c55dbc51962f578a6419ea52417db806", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "4a2f8900f2a6f2f2b06ab5fe12cb39bfa77be36739b4c59e6d8a7706c2262f4e", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "422cc4ab46ac67030dcf4da2b6211913c55dbc51962f578a6419ea52417db806", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "4a2f8900f2a6f2f2b06ab5fe12cb39bfa77be36739b4c59e6d8a7706c2262f4e", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "422cc4ab46ac67030dcf4da2b6211913c55dbc51962f578a6419ea52417db806", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "4a2f8900f2a6f2f2b06ab5fe12cb39bfa77be36739b4c59e6d8a7706c2262f4e", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "feed-domain-rat", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "dns-dynamic-domain", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-known-trojan-av", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "cmd-exe-file-execution", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-windows-script-launched", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-imports-toolhelp", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-remcos-mutex", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "files-deleted-used-vbs", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "network-snort-protocol", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "artifact-windows-task", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-uses-dot-net", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "schtask-forcefully-created", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "dns-public-server-contacted", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "windows-util-schtask-generic", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-program-dir", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": []}, {"bi": "regasm-network-connection", "hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "mitre_attack_tags": ["TA0005", "T1218"]}, {"bi": "network-private-ip-address", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "rfc1918-ipaddress-detected", "hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros sent as attachments on malicious emails.", "hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "422cc4ab46ac67030dcf4da2b6211913c55dbc51962f578a6419ea52417db806", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4a2f8900f2a6f2f2b06ab5fe12cb39bfa77be36739b4c59e6d8a7706c2262f4e", "4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "iocs": {"domain": [{"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "host": "mtspsmjeli[.]sch[.]id"}, {"hashes": ["4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "host": "hsyuwbvxczbansmloiujdhsbnbcgywqauaghxvz[.]ydns[.]eu"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "host": "ghsgatvxbznmklopwagdhusvxbznxgtewuahjkop[.]ydns[.]eu"}, {"hashes": ["496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896"], "host": "hjduiebcvzcalpmjdbcnwqadhsiybcnzxswedgap[.]ydns[.]eu"}, {"hashes": ["6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121"], "host": "swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs[.]ydns[.]eu"}, {"hashes": ["b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47"], "host": "ghdyuienah123[.]freedynamicdns[.]org"}, {"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492"], "host": "gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye[.]ydns[.]eu"}], "file": [{"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "path": "%APPDATA%\\logs.dat"}, {"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "path": "%TEMP%\\install.vbs"}, {"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "path": "%APPDATA%\\win.exe"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158"], "path": "%TEMP%\\tmp50F9.tmp"}, {"hashes": ["75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%TEMP%\\tmp5888.tmp"}, {"hashes": ["75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "path": "%TEMP%\\tmp5E24.tmp"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158"], "path": "%TEMP%\\tmp5667.tmp"}, {"hashes": ["6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121"], "path": "%APPDATA%\\vlc.exe"}], "ip": [{"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "ip": "103[.]150[.]60[.]242"}, {"hashes": ["4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "ip": "192[.]253[.]246[.]142"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "ip": "104[.]250[.]185[.]70"}, {"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492"], "ip": "45[.]74[.]32[.]12"}, {"hashes": ["b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47"], "ip": "37[.]230[.]130[.]153"}, {"hashes": ["6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121"], "ip": "196[.]251[.]67[.]199"}], "mutex": [{"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "name": "Remcos-<random, matching [A-Z0-9]{6}>"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "name": "Global\\{8b6f465d-30c8-4bc5-bfa5-37d69ca0c565}"}], "registry": [{"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "win"}, {"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "key": "<HKCU>\\Software\\Remcos-<random, matching '[A-Z0-9]{6}'>", "value_name": null}, {"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "key": "<HKCU>\\Software\\Remcos-<random, matching '[A-Z0-9]{6}'>", "value_name": "exepath"}, {"hashes": ["1d1034f544122ee61bd440c91e70919f815933418efae74b22215b5f384a9492", "496fa2a5a6abbc22d6a4c63e31847156d61c240d8e3a793e1b4de46e09827b52", "4fb16635e5aa65a5447e6d3122aa855802ded38ad924449c5c1da1b663a60a87", "6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df", "6df0138ef184c816e119879763ce7cad7c71662ad1c7100fa28de9053166f121", "93534ad76f71c7ba49fceec2156c76a715aa354fa01a8894e7542c76e853d896", "b168d039dfea8607880d790f371ae8eccd008a980a15d44568c95784f5c5cf47", "c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf"], "key": "<HKCU>\\Software\\Remcos-<random, matching '[A-Z0-9]{6}'>", "value_name": "licence"}, {"hashes": ["4ef3b9bb1838d76bda8e4e09b033c1948ed6d96c4df1962d7e8b3006ac121158", "75888910c75a9858137089eb35d48b6b1af6d43817e9a1dbb9fbc409fdaad511"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}]}, "reports_count": 12}, "Win.Trojan.Ursu-9833566-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["14fc4196ea8536770a6dd344b37b2531c3ef69c9b41c1d7cfc63e861675a98a9", "8a7dd84bd58d3e20f1431089bf938c03317c962f26c0db3c12e8f9d4c077cf8f", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "99c1234ee2e63ba69d2755939176350714d421717c5bbb9b1ab024c2fe1868b6", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "a724b470595a55f6619752ebd7e77b6d22acfe4631ca27ad593523ef242963c6", "2ddb5912847e754fd5a8d2b17772bbb2d3f5d4e01d51c20a5bdc696265bd13ed", "9b532bc2d822d20f692d79fc4522022276fa88766527d978dd1cde707cb2b27e", "98a8d22f2acd74ff9e5be3f282a4966e8802b99457b00a805c5f86ce5ffa9303", "a134b1360963ce687e575c11dbe2f417d0fbf0ad9010ff3153385c69967fde99", "78ad16035993f75dd01b184ee5aaaa388bc85913714b333f2669a4935b3e53c5", "a47d1bbe15dc3a680598d7901134b0f119a4814b090c233e66df3928685e744e", "450625843bea9b2705979362b2353fece2a4d3bfebda14127be0ba47e315d5c6", "b094c730d346b98f437a8bbe38a6821243fd1175e4630a486b2a51c13db2e70b", "71ea9c92d2a9e996cbc35a9f6673a8e3474a01aa3908442d3111660c21b490f3", "607497d377216cb257c37d60dff60e7c57e6661525bfea6962f405fbce806a0d", "c4f82df82004b5d05c8528ede22a2f5c06bb3a26a729525901183640f491b7d0", "b227cc350406f3f3a0a9c82e10f4a489d890f2f789c2e75d6e8dc27f44a5be1c", "2867514ffd3024c44067180bdf69e9e8e183dadcbbac511a7793efe21a6d95f0", "73d7ccc74c8cb5d16b0332788bfc0c82a9beb4887113fba568c41d85ba72e42f", "201fbd917ff780cf872c17db19c500400506a213bd653d83f1b4ae2b3d690dac", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "8b989f40ec0944529cfb1b4387865ae058015993a73665f45dc7da644ab08d5d", "1417908c87ae8c41691659a80a8e5335a7266f078a4222369879f50d7ea22773"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-invalid-checksum", "hashes": ["14fc4196ea8536770a6dd344b37b2531c3ef69c9b41c1d7cfc63e861675a98a9", "8a7dd84bd58d3e20f1431089bf938c03317c962f26c0db3c12e8f9d4c077cf8f", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "99c1234ee2e63ba69d2755939176350714d421717c5bbb9b1ab024c2fe1868b6", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "a724b470595a55f6619752ebd7e77b6d22acfe4631ca27ad593523ef242963c6", "2ddb5912847e754fd5a8d2b17772bbb2d3f5d4e01d51c20a5bdc696265bd13ed", "9b532bc2d822d20f692d79fc4522022276fa88766527d978dd1cde707cb2b27e", "98a8d22f2acd74ff9e5be3f282a4966e8802b99457b00a805c5f86ce5ffa9303", "a134b1360963ce687e575c11dbe2f417d0fbf0ad9010ff3153385c69967fde99", "78ad16035993f75dd01b184ee5aaaa388bc85913714b333f2669a4935b3e53c5", "a47d1bbe15dc3a680598d7901134b0f119a4814b090c233e66df3928685e744e", "450625843bea9b2705979362b2353fece2a4d3bfebda14127be0ba47e315d5c6", "b094c730d346b98f437a8bbe38a6821243fd1175e4630a486b2a51c13db2e70b", "71ea9c92d2a9e996cbc35a9f6673a8e3474a01aa3908442d3111660c21b490f3", "607497d377216cb257c37d60dff60e7c57e6661525bfea6962f405fbce806a0d", "c4f82df82004b5d05c8528ede22a2f5c06bb3a26a729525901183640f491b7d0", "b227cc350406f3f3a0a9c82e10f4a489d890f2f789c2e75d6e8dc27f44a5be1c", "2867514ffd3024c44067180bdf69e9e8e183dadcbbac511a7793efe21a6d95f0", "73d7ccc74c8cb5d16b0332788bfc0c82a9beb4887113fba568c41d85ba72e42f", "201fbd917ff780cf872c17db19c500400506a213bd653d83f1b4ae2b3d690dac", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "8b989f40ec0944529cfb1b4387865ae058015993a73665f45dc7da644ab08d5d", "1417908c87ae8c41691659a80a8e5335a7266f078a4222369879f50d7ea22773"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["14fc4196ea8536770a6dd344b37b2531c3ef69c9b41c1d7cfc63e861675a98a9", "8a7dd84bd58d3e20f1431089bf938c03317c962f26c0db3c12e8f9d4c077cf8f", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "99c1234ee2e63ba69d2755939176350714d421717c5bbb9b1ab024c2fe1868b6", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "a724b470595a55f6619752ebd7e77b6d22acfe4631ca27ad593523ef242963c6", "2ddb5912847e754fd5a8d2b17772bbb2d3f5d4e01d51c20a5bdc696265bd13ed", "9b532bc2d822d20f692d79fc4522022276fa88766527d978dd1cde707cb2b27e", "98a8d22f2acd74ff9e5be3f282a4966e8802b99457b00a805c5f86ce5ffa9303", "a134b1360963ce687e575c11dbe2f417d0fbf0ad9010ff3153385c69967fde99", "78ad16035993f75dd01b184ee5aaaa388bc85913714b333f2669a4935b3e53c5", "a47d1bbe15dc3a680598d7901134b0f119a4814b090c233e66df3928685e744e", "450625843bea9b2705979362b2353fece2a4d3bfebda14127be0ba47e315d5c6", "b094c730d346b98f437a8bbe38a6821243fd1175e4630a486b2a51c13db2e70b", "71ea9c92d2a9e996cbc35a9f6673a8e3474a01aa3908442d3111660c21b490f3", "607497d377216cb257c37d60dff60e7c57e6661525bfea6962f405fbce806a0d", "c4f82df82004b5d05c8528ede22a2f5c06bb3a26a729525901183640f491b7d0", "b227cc350406f3f3a0a9c82e10f4a489d890f2f789c2e75d6e8dc27f44a5be1c", "2867514ffd3024c44067180bdf69e9e8e183dadcbbac511a7793efe21a6d95f0", "73d7ccc74c8cb5d16b0332788bfc0c82a9beb4887113fba568c41d85ba72e42f", "201fbd917ff780cf872c17db19c500400506a213bd653d83f1b4ae2b3d690dac", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "8b989f40ec0944529cfb1b4387865ae058015993a73665f45dc7da644ab08d5d", "1417908c87ae8c41691659a80a8e5335a7266f078a4222369879f50d7ea22773"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["14fc4196ea8536770a6dd344b37b2531c3ef69c9b41c1d7cfc63e861675a98a9", "8a7dd84bd58d3e20f1431089bf938c03317c962f26c0db3c12e8f9d4c077cf8f", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "99c1234ee2e63ba69d2755939176350714d421717c5bbb9b1ab024c2fe1868b6", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "a724b470595a55f6619752ebd7e77b6d22acfe4631ca27ad593523ef242963c6", "2ddb5912847e754fd5a8d2b17772bbb2d3f5d4e01d51c20a5bdc696265bd13ed", "9b532bc2d822d20f692d79fc4522022276fa88766527d978dd1cde707cb2b27e", "98a8d22f2acd74ff9e5be3f282a4966e8802b99457b00a805c5f86ce5ffa9303", "a134b1360963ce687e575c11dbe2f417d0fbf0ad9010ff3153385c69967fde99", "78ad16035993f75dd01b184ee5aaaa388bc85913714b333f2669a4935b3e53c5", "a47d1bbe15dc3a680598d7901134b0f119a4814b090c233e66df3928685e744e", "450625843bea9b2705979362b2353fece2a4d3bfebda14127be0ba47e315d5c6", "b094c730d346b98f437a8bbe38a6821243fd1175e4630a486b2a51c13db2e70b", "71ea9c92d2a9e996cbc35a9f6673a8e3474a01aa3908442d3111660c21b490f3", "607497d377216cb257c37d60dff60e7c57e6661525bfea6962f405fbce806a0d", "c4f82df82004b5d05c8528ede22a2f5c06bb3a26a729525901183640f491b7d0", "b227cc350406f3f3a0a9c82e10f4a489d890f2f789c2e75d6e8dc27f44a5be1c", "2867514ffd3024c44067180bdf69e9e8e183dadcbbac511a7793efe21a6d95f0", "73d7ccc74c8cb5d16b0332788bfc0c82a9beb4887113fba568c41d85ba72e42f", "201fbd917ff780cf872c17db19c500400506a213bd653d83f1b4ae2b3d690dac", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "8b989f40ec0944529cfb1b4387865ae058015993a73665f45dc7da644ab08d5d", "1417908c87ae8c41691659a80a8e5335a7266f078a4222369879f50d7ea22773"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["14fc4196ea8536770a6dd344b37b2531c3ef69c9b41c1d7cfc63e861675a98a9", "8a7dd84bd58d3e20f1431089bf938c03317c962f26c0db3c12e8f9d4c077cf8f", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "a724b470595a55f6619752ebd7e77b6d22acfe4631ca27ad593523ef242963c6", "2ddb5912847e754fd5a8d2b17772bbb2d3f5d4e01d51c20a5bdc696265bd13ed", "9b532bc2d822d20f692d79fc4522022276fa88766527d978dd1cde707cb2b27e", "98a8d22f2acd74ff9e5be3f282a4966e8802b99457b00a805c5f86ce5ffa9303", "a134b1360963ce687e575c11dbe2f417d0fbf0ad9010ff3153385c69967fde99", "78ad16035993f75dd01b184ee5aaaa388bc85913714b333f2669a4935b3e53c5", "a47d1bbe15dc3a680598d7901134b0f119a4814b090c233e66df3928685e744e", "450625843bea9b2705979362b2353fece2a4d3bfebda14127be0ba47e315d5c6", "b094c730d346b98f437a8bbe38a6821243fd1175e4630a486b2a51c13db2e70b", "71ea9c92d2a9e996cbc35a9f6673a8e3474a01aa3908442d3111660c21b490f3", "607497d377216cb257c37d60dff60e7c57e6661525bfea6962f405fbce806a0d", "c4f82df82004b5d05c8528ede22a2f5c06bb3a26a729525901183640f491b7d0", "b227cc350406f3f3a0a9c82e10f4a489d890f2f789c2e75d6e8dc27f44a5be1c", "2867514ffd3024c44067180bdf69e9e8e183dadcbbac511a7793efe21a6d95f0", "73d7ccc74c8cb5d16b0332788bfc0c82a9beb4887113fba568c41d85ba72e42f", "201fbd917ff780cf872c17db19c500400506a213bd653d83f1b4ae2b3d690dac", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "8b989f40ec0944529cfb1b4387865ae058015993a73665f45dc7da644ab08d5d", "1417908c87ae8c41691659a80a8e5335a7266f078a4222369879f50d7ea22773"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-fast-flux-domain", "hashes": ["b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3"], "mitre_attack_tags": []}, {"bi": "excessive-sample-duplication", "hashes": ["b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "pe-header-sizeofoptionalheader", "hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Ursu is a generic malware that has numerous functions. It contacts a C2 server and performs code injection in the address space of legitimate processes. Once Ursu infects a system, it looks to steal confidential information. This malware is commonly spread via email.", "hashes": ["1417908c87ae8c41691659a80a8e5335a7266f078a4222369879f50d7ea22773", "14fc4196ea8536770a6dd344b37b2531c3ef69c9b41c1d7cfc63e861675a98a9", "201fbd917ff780cf872c17db19c500400506a213bd653d83f1b4ae2b3d690dac", "2867514ffd3024c44067180bdf69e9e8e183dadcbbac511a7793efe21a6d95f0", "2ddb5912847e754fd5a8d2b17772bbb2d3f5d4e01d51c20a5bdc696265bd13ed", "450625843bea9b2705979362b2353fece2a4d3bfebda14127be0ba47e315d5c6", "607497d377216cb257c37d60dff60e7c57e6661525bfea6962f405fbce806a0d", "62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "71ea9c92d2a9e996cbc35a9f6673a8e3474a01aa3908442d3111660c21b490f3", "73d7ccc74c8cb5d16b0332788bfc0c82a9beb4887113fba568c41d85ba72e42f", "78ad16035993f75dd01b184ee5aaaa388bc85913714b333f2669a4935b3e53c5", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8a7dd84bd58d3e20f1431089bf938c03317c962f26c0db3c12e8f9d4c077cf8f", "8b989f40ec0944529cfb1b4387865ae058015993a73665f45dc7da644ab08d5d", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "98a8d22f2acd74ff9e5be3f282a4966e8802b99457b00a805c5f86ce5ffa9303", "99c1234ee2e63ba69d2755939176350714d421717c5bbb9b1ab024c2fe1868b6", "9b532bc2d822d20f692d79fc4522022276fa88766527d978dd1cde707cb2b27e", "a134b1360963ce687e575c11dbe2f417d0fbf0ad9010ff3153385c69967fde99", "a47d1bbe15dc3a680598d7901134b0f119a4814b090c233e66df3928685e744e", "a724b470595a55f6619752ebd7e77b6d22acfe4631ca27ad593523ef242963c6", "b094c730d346b98f437a8bbe38a6821243fd1175e4630a486b2a51c13db2e70b", "b227cc350406f3f3a0a9c82e10f4a489d890f2f789c2e75d6e8dc27f44a5be1c", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4", "c4f82df82004b5d05c8528ede22a2f5c06bb3a26a729525901183640f491b7d0", "c786eccfe187855c13be042be171a8669e69ee865a5acfbd5b3cb5744925d4ca", "d855ac57930b3a25e334a438a886bc842bc265116c2d74a98103ba42842e877b", "eb4fa6a921f779a7adf9ac7507dad57ae547457dfefe3d888e8904347828ee70", "f1a3eb523f01b49fe0a2f401e24f562eed4eba275eff08eadabcb5d7efdaf904", "fc4025ffa9f037d9df79a067f59520f3bd93e07d4c23602119e20ab64909488a", "fde687287ef8cd7e6a6ce655355eaca2fba25fd6c22cc1e4040281f73205ba90"], "iocs": {"domain": [{"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "host": "52eva[.]top"}], "file": [{"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%ProgramFiles(x86)%\\Adobe\\Reader 9.0\\Reader\\rasadhlp.dll"}, {"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%ProgramFiles(x86)%\\Java\\jre6\\rasadhlp.dll"}, {"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%ProgramFiles(x86)%\\Java\\jre7\\rasadhlp.dll"}, {"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\rasadhlp.dll"}, {"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%ProgramFiles(x86)%\\Mozilla Firefox\\rasadhlp.dll"}, {"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%ProgramFiles%\\WinRAP"}, {"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%ProgramFiles%\\WinRAP\\RarExt32.dll"}, {"hashes": ["86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%System32%\\wbem\\rasadhlp.dll"}, {"hashes": ["86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%SystemRoot%\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\rasadhlp.dll"}, {"hashes": ["86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "path": "%SystemRoot%\\rasadhlp.dll"}], "ip": [{"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "ip": "208[.]100[.]26[.]242"}, {"hashes": ["a47d1bbe15dc3a680598d7901134b0f119a4814b090c233e66df3928685e744e"], "ip": "192[.]109[.]92[.]99"}], "mutex": [{"hashes": ["62c463a4653d787dbaf68834273c753747be4fe8fe7eb6ade3ecf034f461359f", "86043f4901ea8e49dda0cf901d6a5c8820e84dfe24bbde9fbd086439659ec975", "8d33b7cd396e374d131d13ecf88b1675e0053c892efcce58bc14ab53cd1cbdc3", "b3a416835f48ba77c5557dfa59bda6be558c6894bcea1f878283314ebb9406a4"], "name": "USERNAME"}], "registry": []}, "reports_count": 25}, "exprev": [{"count": 10120, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 3572, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 2886, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 1687, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 739, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 698, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 114, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 107, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 85, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 53, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 44, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 43, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 35, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 26, "description": "Houdini/HWORM detected. This worm uses an obfuscated VBScript to drop additional malware such as njRAT.", "name": "Houdini/HWORM detected"}, {"count": 23, "description": "A site commonly used by fileless malware to download additional data has been detected. Several different families of malware have been observed using these sites to download additional stages to inject into other processes.", "name": "Possible fileless malware download"}, {"count": 18, "description": "A malicious document used in combination with rundll32.exe has been detected. This is a known technique of Bazar loader. Bazar has been observed delivering variants of Trickbot", "name": "Bazar Loader activity detected"}, {"count": 13, "description": "A malware dropper has been detected. A dropper will download or unpack addtional malware during it's execution. A variety of techniques can be employed for the payload to gain persistence and escalate privelege if neccessary.", "name": "Malware dropper detected"}, {"count": 12, "description": "An unknown adware family was detected. Adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Unknown adware family detected"}, {"count": 11, "description": "Command line options indicating usage of XMRig Miner have been detected. Malware sometimes uses compromised hosts to mine for cryptocurrency on behalf of the attacker.", "name": "XMRig Miner Detected"}, {"count": 8, "description": "Smoke Loader has been detected. Smokeloader is used mainly to execute other malicious software, like ransomware or cryptocurrency miners. Its initial infection vector is usually an email with a malicious Microsoft Word document or delivered through an exploit kit. Smokeloader uses various plugins designed to steal data from its victims, particularly credentials stored on the system or transfered over HTTP, HTTPS, FTP, SMTP, POP3 or IMAP.", "name": "Smoke Loader detected"}, {"count": 6, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 6, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 6, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2021-02-26T13:44:48+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Packed.Tofsee-9833646-1", "Win.Ransomware.Cerber-9833115-0", "Win.Ransomware.Kovter-9833136-1", "Win.Malware.Nymaim-9833164-0", "Win.Packed.njRAT-9833170-1", "Win.Packed.CoinMiner-9833198-1", "Win.Trojan.Remcos-9835338-1", "Win.Packed.Dridex-9833501-1", "Win.Trojan.Ursu-9833566-0"]}