{"Win.Dropper.Remcos-9840541-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "dbbbf8a197a81a53158c3ea83feea35b23716df8f5ba7e92265484c157749943", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "89de0738d31cdaca830f1e511eab1fb92f824d6da0b9e1a6ae2e3ef5419b1f0e", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "46c297a1f124d12390c51e90c9b3c5dfe0df1fc472ff402c169680c7626cdf4c", "c8335dcc276062f714b7dcb5857a1773b5762ca763323537dde98fc81cce3f2f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "7e30717f2e9ba0317731b37c96d2412d36cd150f9ee35f952568e4ca855fe4f0", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-invalid-checksum", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "dbbbf8a197a81a53158c3ea83feea35b23716df8f5ba7e92265484c157749943", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "89de0738d31cdaca830f1e511eab1fb92f824d6da0b9e1a6ae2e3ef5419b1f0e", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "46c297a1f124d12390c51e90c9b3c5dfe0df1fc472ff402c169680c7626cdf4c", "c8335dcc276062f714b7dcb5857a1773b5762ca763323537dde98fc81cce3f2f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "7e30717f2e9ba0317731b37c96d2412d36cd150f9ee35f952568e4ca855fe4f0", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "dbbbf8a197a81a53158c3ea83feea35b23716df8f5ba7e92265484c157749943", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "89de0738d31cdaca830f1e511eab1fb92f824d6da0b9e1a6ae2e3ef5419b1f0e", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "46c297a1f124d12390c51e90c9b3c5dfe0df1fc472ff402c169680c7626cdf4c", "c8335dcc276062f714b7dcb5857a1773b5762ca763323537dde98fc81cce3f2f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "7e30717f2e9ba0317731b37c96d2412d36cd150f9ee35f952568e4ca855fe4f0", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "dbbbf8a197a81a53158c3ea83feea35b23716df8f5ba7e92265484c157749943", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "89de0738d31cdaca830f1e511eab1fb92f824d6da0b9e1a6ae2e3ef5419b1f0e", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "46c297a1f124d12390c51e90c9b3c5dfe0df1fc472ff402c169680c7626cdf4c", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "7e30717f2e9ba0317731b37c96d2412d36cd150f9ee35f952568e4ca855fe4f0", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "46c297a1f124d12390c51e90c9b3c5dfe0df1fc472ff402c169680c7626cdf4c", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "feed-domain-rat", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "registry-autorun-key-modified", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-known-trojan-av", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "46c297a1f124d12390c51e90c9b3c5dfe0df1fc472ff402c169680c7626cdf4c", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "cmd-exe-file-execution", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-windows-script-launched", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-imports-toolhelp", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-remcos-mutex", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "files-deleted-used-vbs", "hashes": ["d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "dns-dynamic-domain", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-snort-protocol", "hashes": ["a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "artifact-windows-task", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-uses-dot-net", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "schtask-forcefully-created", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "dns-public-server-contacted", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "windows-util-schtask-generic", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-program-dir", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": ["TA0011"]}, {"bi": "regasm-network-connection", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": ["TA0005", "TA0002", "T1121"]}, {"bi": "process-check-zone-identifier", "hashes": ["e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "network-private-ip-address", "hashes": ["f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "rfc1918-ipaddress-detected", "hashes": ["f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "c8335dcc276062f714b7dcb5857a1773b5762ca763323537dde98fc81cce3f2f"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "46c297a1f124d12390c51e90c9b3c5dfe0df1fc472ff402c169680c7626cdf4c", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "7e30717f2e9ba0317731b37c96d2412d36cd150f9ee35f952568e4ca855fe4f0", "89de0738d31cdaca830f1e511eab1fb92f824d6da0b9e1a6ae2e3ef5419b1f0e", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "c8335dcc276062f714b7dcb5857a1773b5762ca763323537dde98fc81cce3f2f", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "dbbbf8a197a81a53158c3ea83feea35b23716df8f5ba7e92265484c157749943", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "iocs": {"domain": [{"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "host": "mtspsmjeli[.]sch[.]id"}, {"hashes": ["56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916"], "host": "ghdyuienah123[.]freedynamicdns[.]org"}, {"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f"], "host": "gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye[.]ydns[.]eu"}, {"hashes": ["b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "host": "hjduiebcvzcalpmjdbcnwqadhsiybcnzxswedgap[.]ydns[.]eu"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "host": "rhbavzcmkopdhunbsgwtfcvzcxgjhyegvbcnmgte[.]ydns[.]eu"}], "file": [{"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "path": "%APPDATA%\\logs.dat"}, {"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "path": "%TEMP%\\install.vbs"}, {"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "path": "%APPDATA%\\win.exe"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}], "ip": [{"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "ip": "103[.]150[.]60[.]242"}, {"hashes": ["56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916"], "ip": "36[.]255[.]99[.]32"}, {"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f"], "ip": "104[.]250[.]191[.]63"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "ip": "46[.]243[.]233[.]131"}, {"hashes": ["dbbbf8a197a81a53158c3ea83feea35b23716df8f5ba7e92265484c157749943"], "ip": "23[.]3[.]13[.]154"}], "mutex": [{"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916"], "name": "Remcos-6CDLVU"}, {"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f"], "name": "Remcos-Q25VW5"}, {"hashes": ["b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "name": "Remcos-E2OTZW"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "name": "Global\\{821002dd-ed5e-42c7-a12d-1ee4469918a4}"}], "registry": [{"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "win"}, {"hashes": ["56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916"], "key": "<HKCU>\\SOFTWARE\\REMCOS-6CDLVU", "value_name": null}, {"hashes": ["56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916"], "key": "<HKCU>\\SOFTWARE\\REMCOS-6CDLVU", "value_name": "exepath"}, {"hashes": ["56edbbad8c6bfd8ffece2f6d59e47d8b8ab4730c9b44f110d90c8beff0be8c03", "a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f", "b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1", "cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916"], "key": "<HKCU>\\SOFTWARE\\REMCOS-6CDLVU", "value_name": "licence"}, {"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f"], "key": "<HKCU>\\SOFTWARE\\REMCOS-Q25VW5", "value_name": null}, {"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f"], "key": "<HKCU>\\SOFTWARE\\REMCOS-Q25VW5", "value_name": "exepath"}, {"hashes": ["414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65", "5fa2082fcb96450e08c2d7d1a679f79d70debbf80517c49f7eb24dbbba98c554", "9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35", "d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f"], "key": "<HKCU>\\SOFTWARE\\REMCOS-Q25VW5", "value_name": "licence"}, {"hashes": ["5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f", "8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777", "e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "key": "<HKCU>\\SOFTWARE\\REMCOS-E2OTZW", "value_name": null}, {"hashes": ["b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "key": "<HKCU>\\SOFTWARE\\REMCOS-E2OTZW", "value_name": "exepath"}, {"hashes": ["b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e", "eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197", "f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b"], "key": "<HKCU>\\SOFTWARE\\REMCOS-E2OTZW", "value_name": "licence"}]}, "reports_count": 19}, "Win.Malware.Kovter-9841885-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "wmi-process-create", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "TA0002", "T1218", "T1047"]}, {"bi": "network-file-uploaded", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "process-long-cmdline", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-http-numeric-ip", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-private-ip-address", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "compound-vb-self-delete", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "excessive-tcp-connections", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "potential-registry-script-execution", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "powershell-invoke-expression-environment", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": []}, {"bi": "powershell-invoke-expression", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "process-hollowing-detected", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "files-created-batch", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "startup-folder-modification", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "startup-folder-lnk-file", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-shell-default-file-handler-created", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "process-check-virtualbox", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-kovter-registry", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "registry-script-detected", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "TA0002", "T1112", "T1059"]}, {"bi": "process-mshta-cmdline-script", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "T1218"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "mshta-in-registry", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0005", "T1112", "T1218"]}, {"bi": "file-handler-registration", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "nginx-webserver-detected", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.", "hashes": ["0b7537200e29628a1838a8ca3607468ee06552aa6d97eed13fc7ed4a465dddc6", "2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "iocs": {"domain": [], "file": [{"hashes": ["0b7537200e29628a1838a8ca3607468ee06552aa6d97eed13fc7ed4a465dddc6", "2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "path": "%TEMP%\\VB<random, matching [A-F0-9]{3,4}>.tmp"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "path": "%LOCALAPPDATA%\\4dd3cc"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "path": "%LOCALAPPDATA%\\4dd3cc\\519d0f.bat"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "path": "%LOCALAPPDATA%\\4dd3cc\\8e9866.8ca9d79"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "path": "%LOCALAPPDATA%\\4dd3cc\\d95adb.lnk"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\91b4e5.lnk"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "path": "%APPDATA%\\b08d66"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "path": "%APPDATA%\\b08d66\\0b3c0b.8ca9d79"}, {"hashes": ["2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "path": "%LOCALAPPDATA%\\4c1c13\\2059f9.bat"}, {"hashes": ["2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "path": "%LOCALAPPDATA%\\4c1c13\\648826.59ebfae"}, {"hashes": ["2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "path": "%LOCALAPPDATA%\\4c1c13\\81905c.lnk"}, {"hashes": ["2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\f1cd71.lnk"}, {"hashes": ["2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "path": "%APPDATA%\\ebbbd3\\2feee3.59ebfae"}], "ip": [{"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "156[.]177[.]224[.]13"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "79[.]117[.]3[.]133"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "137[.]247[.]65[.]109"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "51[.]245[.]14[.]172"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "158[.]132[.]163[.]126"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "155[.]24[.]190[.]122"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "41[.]8[.]182[.]162"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "212[.]140[.]105[.]191"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "193[.]42[.]232[.]97"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "22[.]183[.]51[.]194"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "63[.]87[.]161[.]130"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "101[.]110[.]80[.]108"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "84[.]231[.]249[.]67"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "145[.]103[.]38[.]134"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "187[.]9[.]188[.]168"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "218[.]59[.]115[.]81"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "185[.]61[.]114[.]148"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "37[.]144[.]97[.]224"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "166[.]253[.]117[.]155"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "201[.]173[.]201[.]198"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "153[.]224[.]90[.]94"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "34[.]47[.]38[.]208"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "164[.]174[.]35[.]125"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "82[.]63[.]153[.]218"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "61[.]144[.]109[.]181"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "24[.]171[.]247[.]154"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "189[.]9[.]77[.]200"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "71[.]228[.]82[.]134"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "54[.]148[.]23[.]243"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "122[.]54[.]148[.]221"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "85[.]241[.]227[.]182"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "219[.]22[.]78[.]64"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "205[.]105[.]168[.]255"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "21[.]163[.]65[.]170"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "150[.]201[.]111[.]167"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "62[.]10[.]35[.]228"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "223[.]147[.]123[.]90"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "117[.]174[.]98[.]149"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "111[.]203[.]152[.]126"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "131[.]242[.]115[.]184"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "90[.]9[.]180[.]28"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "177[.]29[.]137[.]143"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "54[.]221[.]90[.]119"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "161[.]255[.]108[.]183"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "166[.]222[.]7[.]175"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "7[.]41[.]8[.]26"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "161[.]234[.]239[.]19"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "201[.]2[.]116[.]72"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "114[.]55[.]163[.]254"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "ip": "179[.]148[.]79[.]151"}], "mutex": [{"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "name": "EA4EC370D1E573DA"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "name": "A83BAA13F950654C"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "name": "Global\\7A7146875A8CDE1E"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "name": "B3E8F6F86CDD9D8B"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "name": "563CCFFF6B36C3AB"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "name": "2070A5364843D9D3"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "name": "Global\\B2A01B9EB1B404AD"}, {"hashes": ["0b7537200e29628a1838a8ca3607468ee06552aa6d97eed13fc7ed4a465dddc6"], "name": "Global\\16ab9361-86e5-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": "DisableOSUpgrade"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": "ReservationsAllowed"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "xedvpa"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "xedvpa"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCR>\\.8CA9D79", "value_name": ""}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000vrxzdhbyv"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ssishoff"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": null}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": null}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": null}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCR>\\C3B616", "value_name": null}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCR>\\C3B616\\SHELL", "value_name": null}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCR>\\C3B616\\SHELL\\OPEN", "value_name": null}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCR>\\C3B616\\SHELL\\OPEN\\COMMAND", "value_name": null}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCR>\\.8CA9D79", "value_name": null}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "tnzok"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "tnzok"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "usukxpt"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "usukxpt"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "svdjlvs"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "svdjlvs"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000fcbburq"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000fcbburq"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "2f382f4c0a1760b262a8aef8f21967f8b96d7ac2c335152d690f50497a709b66", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCR>\\C3B616\\SHELL\\OPEN\\COMMAND", "value_name": ""}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "lujyoqmfl"}, {"hashes": ["2f36738c5d4df19393ca7e9a77b2689166b4d2b029369b14a24a9fafd1191c4a", "86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203", "93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78", "acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0", "c222b7aa51213113b91b48fb7331d4351e6243e689d3241c322395667b01e884", "c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d", "cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206", "dae404203ecb4942717717daa56c202eb90e48bff8c9df977f603f6044510991"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "lujyoqmfl"}, {"hashes": ["cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MUUIC4", "value_name": null}, {"hashes": ["c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\T0TD10XQQZ", "value_name": "BZAPRCFUh"}, {"hashes": ["cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\454D3D3B704E8F2DAF1", "value_name": "01AC376D911578962697"}, {"hashes": ["c26758c7c76f7eb2475302163081c60474d32e56464688da692bedd66428238d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\T0TD10XQQZ", "value_name": "evp5nbJw"}, {"hashes": ["93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\VC9IE474", "value_name": "apgKQeo"}, {"hashes": ["93799a8d8f9337a2563ef363c399e37a7b85452411ead280b3abcbeb1566eb78"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\VC9IE474", "value_name": "NYO2tEwn4q"}, {"hashes": ["cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MUUIC4", "value_name": "Q8LHPZEvIt"}, {"hashes": ["cd6c098b191569d91501714b4e38ff8d725972c1df35ec20a2ca77e891335206"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MUUIC4", "value_name": "0Pi9l7m"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\A9D2E013C26E6D7DC20", "value_name": null}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\WRZXDIA", "value_name": null}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\A9D2E013C26E6D7DC20", "value_name": "50D258A9E5ADAADC87"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\WRZXDIA", "value_name": "C1oj5k6bDG"}, {"hashes": ["86af7c36e2e4b2fae3bea62a2c8c4a690ee511194b1c936f38ce03fd77929203"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\WRZXDIA", "value_name": "Ahgt8DzWhL"}, {"hashes": ["acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\C2C2070D4D113643D5B", "value_name": null}, {"hashes": ["acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\KI2PCJQ", "value_name": null}, {"hashes": ["acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\C2C2070D4D113643D5B", "value_name": "51F8AF4C4AD10715"}, {"hashes": ["acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\KI2PCJQ", "value_name": "XGQEinrCqj"}, {"hashes": ["acae0418ee6920446be13ca46777a605f00663d34db43c8d5bdbca87c01152a0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\KI2PCJQ", "value_name": "iYGDS6IAt"}]}, "reports_count": 10}, "Win.Malware.Ursnif-9841720-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "hook-installed", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-ursnif-traffic-detected", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "windows-headless-iexplore", "hashes": ["35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.", "hashes": ["00f71ee35e921b64d1c8adfef851e6a616eaa0f5cde9570132e7df8c3230a034", "07527e5c12e9d5d96a39bed1c0b6a77ff82c82a3c97d5067eda86ef176f433da", "0c783dc25b3e33b8f7360705780d0ec10642160458a56ad5f878e6bd8f88ee4b", "0de972520aae42799ef5019a45d7a574fb04e7cc20fa513da80d10d7aefcb792", "15299b22bdc021d100e1268d9b2068e3831814a8783107bede343856c17a87da", "1663e6291e245277b6fcf69f652d7f4d90267fdea3117cefc73c033e558a1bf0", "194b53b11a29a4afea0533bad7032d004bbc3ed5fa08274658f87763bcefd19f", "2077c2867bc09158fa46eba364d91c951f23d21cbd1f4bfc7398be6b2c880274", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f", "35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "383d3860d1b96d33245088a0c8c8d41e34587cbd980ba1deecafa17549d2ebc4", "417b7ad69755586556e9e597c9627f1029729c969ab146b49cf5621fb3c02f6e", "430a3de4dc9618c5a55bcb460e41eef890c55b59a66add35bacd8f83bb3aef93", "456423684057db0c1834b14c8d799e8ce5436ccd4ab6730741078896386fbb5f", "53e4f11034dddd1f4fbc2a5d755aae8b78ba7baf69aa8f3a19ded7dae5684482", "5e0eb621bd40072894045dafa242d44d331ef88823160ec7252581ce878a4a59", "5f67a7f54471d039647ac07e4137875b05db75a3630e2c39a10fcb03754c4a00", "76bfc20fd631496981e0c79941ec8832b390d4c11b4a686a04061dfdfd84ec82", "7ad6683dcba0dac0b59896a79b7f1bda29c368669d174a807a25c7b4914f8d6a", "7e2641de3c394d94e031a107b199952fcbd212f8b62ba6e7b345c119d44d7a8e", "7ebba43bee701727eb7cee4917e1e51e124c1a2ac8ef836d1a27b939e90d0107", "7ee038add4f0694c3e8cbdefdaabfaaad7a74abca697e353366d85125968feec", "9616b0dabb5e189dfaa774799ff8e539a6f74a3730963d8e266712de7d51dfcd", "9dd24950cf5def3a310a2ce9a935bd75b49f658515f0862bc8df8855ded94a84", "a0bdd621b6fa08a1abbb2832460d8ffffcc94fadd7e914f6868e09f708943be3", "a8bfa8df708da47b568e69bb2e0642c641b0ffdf167bedb5705b10f75fd7acdc", "ad4e66b37f46895656b125920d9f513622c151363de201b1029a8070804c3f78", "ada13363c5944ec9cd54610412887ea9f086f068ba67ba2b4ca0a51c1693c7ad", "b4faadc6f83112a75a4950d41f47f21539d8590ae31736e55e1aa18327b29cb5", "b8b89409d4e313cfaefcaf82a4ea1e5f688400dfa51e2c7e535e14ddedce7e80", "bc180ab11dad170ad40e08bcd77c817e67a23e085cb74361ae28c72273b24b80", "bed83f70e7ddfc96c60f93d9274a2cbd3a762363846bf4463c076dbaa36b9bcd", "bf9ad078be481bf9c4262d76180dcef55cbdcb694c1b3f38362089b62359f75a", "c0001f5ad04e979a1ff5c052a8aa6b0466bb08d962a3f808e0544c01f286278a", "c8bd62701d6730895b06d33913be450def0e581344c451660127695fed73e779", "cde40331e18b83280c3a57a57d4978026e97bca113475f97e8ab028f5e1bc925", "d071524c962b44d9470cbe31208a2e5fabaaa7aef22250fce0e7ee6401cc0a17", "d6e9514dedae2eb01e0a9de24848d2e8326116ed8944ef040abd50850fe79045", "df1fe157d7876abe641658c42cf901645b203ad193c5ecf9b3fc435d18696f9c", "e44116c24814ed63c1f1ee63fcbfb03628619d64b7ea56cd3f950e9d2424ed1d", "ed7359c21eb7632affd48c53839b6c492cba5e70463aa8bc575fa4c9a82e3774", "f5c5b7e23de9bf60358fe394a49566b40ba7c54fb290f28dd25708ce8e4696c5", "f8869145e1bd57314a64540ee7f9fedecc229eee360784a31ab6ad768aa97e99", "f8ff71c41b1b0e2e89a18ce1ac3a848474df137b44694f727b2b973f37708896", "f918c19a41f5d714978cba3f4ce930eae5ff27e8414447839fb0811aad08f1d3", "f9d9be5b358bac11e946f5447dd0e185eb358775fb093abe7e9780ca4df20dd1", "f9e063a6d8df14ddd8848964f41203b5101550bf9f7b1bab6a32819150f14a35", "fa4fec1b331fab6d981b3e03c7130e61a1c70e5a90bc999a8c4ed4b6bfd7dede", "fb924a482c7045680a089edcd9a27f622e355fbbad55c76f73a4e7ba229f167c"], "iocs": {"domain": [{"hashes": ["00f71ee35e921b64d1c8adfef851e6a616eaa0f5cde9570132e7df8c3230a034", "07527e5c12e9d5d96a39bed1c0b6a77ff82c82a3c97d5067eda86ef176f433da", "0c783dc25b3e33b8f7360705780d0ec10642160458a56ad5f878e6bd8f88ee4b", "0de972520aae42799ef5019a45d7a574fb04e7cc20fa513da80d10d7aefcb792", "15299b22bdc021d100e1268d9b2068e3831814a8783107bede343856c17a87da", "1663e6291e245277b6fcf69f652d7f4d90267fdea3117cefc73c033e558a1bf0", "194b53b11a29a4afea0533bad7032d004bbc3ed5fa08274658f87763bcefd19f", "2077c2867bc09158fa46eba364d91c951f23d21cbd1f4bfc7398be6b2c880274", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f", "35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "383d3860d1b96d33245088a0c8c8d41e34587cbd980ba1deecafa17549d2ebc4", "417b7ad69755586556e9e597c9627f1029729c969ab146b49cf5621fb3c02f6e", "430a3de4dc9618c5a55bcb460e41eef890c55b59a66add35bacd8f83bb3aef93", "456423684057db0c1834b14c8d799e8ce5436ccd4ab6730741078896386fbb5f", "53e4f11034dddd1f4fbc2a5d755aae8b78ba7baf69aa8f3a19ded7dae5684482", "5e0eb621bd40072894045dafa242d44d331ef88823160ec7252581ce878a4a59", "5f67a7f54471d039647ac07e4137875b05db75a3630e2c39a10fcb03754c4a00", "76bfc20fd631496981e0c79941ec8832b390d4c11b4a686a04061dfdfd84ec82", "7ad6683dcba0dac0b59896a79b7f1bda29c368669d174a807a25c7b4914f8d6a", "7e2641de3c394d94e031a107b199952fcbd212f8b62ba6e7b345c119d44d7a8e", "7ebba43bee701727eb7cee4917e1e51e124c1a2ac8ef836d1a27b939e90d0107", "7ee038add4f0694c3e8cbdefdaabfaaad7a74abca697e353366d85125968feec", "9616b0dabb5e189dfaa774799ff8e539a6f74a3730963d8e266712de7d51dfcd", "9dd24950cf5def3a310a2ce9a935bd75b49f658515f0862bc8df8855ded94a84", "a0bdd621b6fa08a1abbb2832460d8ffffcc94fadd7e914f6868e09f708943be3", "ad4e66b37f46895656b125920d9f513622c151363de201b1029a8070804c3f78", "bf9ad078be481bf9c4262d76180dcef55cbdcb694c1b3f38362089b62359f75a"], "host": "vzquiarisb[.]com"}, {"hashes": ["00f71ee35e921b64d1c8adfef851e6a616eaa0f5cde9570132e7df8c3230a034", "07527e5c12e9d5d96a39bed1c0b6a77ff82c82a3c97d5067eda86ef176f433da", "0c783dc25b3e33b8f7360705780d0ec10642160458a56ad5f878e6bd8f88ee4b", "0de972520aae42799ef5019a45d7a574fb04e7cc20fa513da80d10d7aefcb792", "15299b22bdc021d100e1268d9b2068e3831814a8783107bede343856c17a87da", "1663e6291e245277b6fcf69f652d7f4d90267fdea3117cefc73c033e558a1bf0", "194b53b11a29a4afea0533bad7032d004bbc3ed5fa08274658f87763bcefd19f", "2077c2867bc09158fa46eba364d91c951f23d21cbd1f4bfc7398be6b2c880274", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f", "35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "383d3860d1b96d33245088a0c8c8d41e34587cbd980ba1deecafa17549d2ebc4", "417b7ad69755586556e9e597c9627f1029729c969ab146b49cf5621fb3c02f6e", "430a3de4dc9618c5a55bcb460e41eef890c55b59a66add35bacd8f83bb3aef93", "456423684057db0c1834b14c8d799e8ce5436ccd4ab6730741078896386fbb5f", "53e4f11034dddd1f4fbc2a5d755aae8b78ba7baf69aa8f3a19ded7dae5684482", "5e0eb621bd40072894045dafa242d44d331ef88823160ec7252581ce878a4a59", "5f67a7f54471d039647ac07e4137875b05db75a3630e2c39a10fcb03754c4a00", "76bfc20fd631496981e0c79941ec8832b390d4c11b4a686a04061dfdfd84ec82", "7ad6683dcba0dac0b59896a79b7f1bda29c368669d174a807a25c7b4914f8d6a", "7e2641de3c394d94e031a107b199952fcbd212f8b62ba6e7b345c119d44d7a8e", "7ebba43bee701727eb7cee4917e1e51e124c1a2ac8ef836d1a27b939e90d0107", "7ee038add4f0694c3e8cbdefdaabfaaad7a74abca697e353366d85125968feec", "9616b0dabb5e189dfaa774799ff8e539a6f74a3730963d8e266712de7d51dfcd", "9dd24950cf5def3a310a2ce9a935bd75b49f658515f0862bc8df8855ded94a84", "a0bdd621b6fa08a1abbb2832460d8ffffcc94fadd7e914f6868e09f708943be3", "ad4e66b37f46895656b125920d9f513622c151363de201b1029a8070804c3f78", "bf9ad078be481bf9c4262d76180dcef55cbdcb694c1b3f38362089b62359f75a"], "host": "z2814jjoa[.]info"}, {"hashes": ["00f71ee35e921b64d1c8adfef851e6a616eaa0f5cde9570132e7df8c3230a034", "07527e5c12e9d5d96a39bed1c0b6a77ff82c82a3c97d5067eda86ef176f433da", "0c783dc25b3e33b8f7360705780d0ec10642160458a56ad5f878e6bd8f88ee4b", "0de972520aae42799ef5019a45d7a574fb04e7cc20fa513da80d10d7aefcb792", "15299b22bdc021d100e1268d9b2068e3831814a8783107bede343856c17a87da", "1663e6291e245277b6fcf69f652d7f4d90267fdea3117cefc73c033e558a1bf0", "194b53b11a29a4afea0533bad7032d004bbc3ed5fa08274658f87763bcefd19f", "2077c2867bc09158fa46eba364d91c951f23d21cbd1f4bfc7398be6b2c880274", "235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f", "35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "383d3860d1b96d33245088a0c8c8d41e34587cbd980ba1deecafa17549d2ebc4", "417b7ad69755586556e9e597c9627f1029729c969ab146b49cf5621fb3c02f6e", "430a3de4dc9618c5a55bcb460e41eef890c55b59a66add35bacd8f83bb3aef93", "456423684057db0c1834b14c8d799e8ce5436ccd4ab6730741078896386fbb5f", "53e4f11034dddd1f4fbc2a5d755aae8b78ba7baf69aa8f3a19ded7dae5684482", "5e0eb621bd40072894045dafa242d44d331ef88823160ec7252581ce878a4a59", "5f67a7f54471d039647ac07e4137875b05db75a3630e2c39a10fcb03754c4a00", "76bfc20fd631496981e0c79941ec8832b390d4c11b4a686a04061dfdfd84ec82", "7ad6683dcba0dac0b59896a79b7f1bda29c368669d174a807a25c7b4914f8d6a", "7e2641de3c394d94e031a107b199952fcbd212f8b62ba6e7b345c119d44d7a8e", "7ebba43bee701727eb7cee4917e1e51e124c1a2ac8ef836d1a27b939e90d0107", "7ee038add4f0694c3e8cbdefdaabfaaad7a74abca697e353366d85125968feec", "9616b0dabb5e189dfaa774799ff8e539a6f74a3730963d8e266712de7d51dfcd", "9dd24950cf5def3a310a2ce9a935bd75b49f658515f0862bc8df8855ded94a84", "a0bdd621b6fa08a1abbb2832460d8ffffcc94fadd7e914f6868e09f708943be3", "ad4e66b37f46895656b125920d9f513622c151363de201b1029a8070804c3f78", "bf9ad078be481bf9c4262d76180dcef55cbdcb694c1b3f38362089b62359f75a"], "host": "ghousydni[.]com"}], "file": [{"hashes": ["235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f", "35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "ad4e66b37f46895656b125920d9f513622c151363de201b1029a8070804c3f78", "bf9ad078be481bf9c4262d76180dcef55cbdcb694c1b3f38362089b62359f75a"], "path": "%TEMP%\\www2.tmp"}, {"hashes": ["235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f", "35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "ad4e66b37f46895656b125920d9f513622c151363de201b1029a8070804c3f78", "bf9ad078be481bf9c4262d76180dcef55cbdcb694c1b3f38362089b62359f75a"], "path": "%TEMP%\\www3.tmp"}, {"hashes": ["235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f", "35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "ad4e66b37f46895656b125920d9f513622c151363de201b1029a8070804c3f78", "bf9ad078be481bf9c4262d76180dcef55cbdcb694c1b3f38362089b62359f75a"], "path": "%TEMP%\\www4.tmp"}, {"hashes": ["bf9ad078be481bf9c4262d76180dcef55cbdcb694c1b3f38362089b62359f75a"], "path": "%TEMP%\\~DF1F.tmp"}], "ip": [{"hashes": ["00f71ee35e921b64d1c8adfef851e6a616eaa0f5cde9570132e7df8c3230a034", "07527e5c12e9d5d96a39bed1c0b6a77ff82c82a3c97d5067eda86ef176f433da", "0c783dc25b3e33b8f7360705780d0ec10642160458a56ad5f878e6bd8f88ee4b", "0de972520aae42799ef5019a45d7a574fb04e7cc20fa513da80d10d7aefcb792", "15299b22bdc021d100e1268d9b2068e3831814a8783107bede343856c17a87da", "1663e6291e245277b6fcf69f652d7f4d90267fdea3117cefc73c033e558a1bf0", "194b53b11a29a4afea0533bad7032d004bbc3ed5fa08274658f87763bcefd19f", "2077c2867bc09158fa46eba364d91c951f23d21cbd1f4bfc7398be6b2c880274", "383d3860d1b96d33245088a0c8c8d41e34587cbd980ba1deecafa17549d2ebc4", "417b7ad69755586556e9e597c9627f1029729c969ab146b49cf5621fb3c02f6e", "430a3de4dc9618c5a55bcb460e41eef890c55b59a66add35bacd8f83bb3aef93", "456423684057db0c1834b14c8d799e8ce5436ccd4ab6730741078896386fbb5f", "53e4f11034dddd1f4fbc2a5d755aae8b78ba7baf69aa8f3a19ded7dae5684482", "5e0eb621bd40072894045dafa242d44d331ef88823160ec7252581ce878a4a59", "5f67a7f54471d039647ac07e4137875b05db75a3630e2c39a10fcb03754c4a00", "76bfc20fd631496981e0c79941ec8832b390d4c11b4a686a04061dfdfd84ec82", "7ad6683dcba0dac0b59896a79b7f1bda29c368669d174a807a25c7b4914f8d6a", "7e2641de3c394d94e031a107b199952fcbd212f8b62ba6e7b345c119d44d7a8e", "7ebba43bee701727eb7cee4917e1e51e124c1a2ac8ef836d1a27b939e90d0107", "7ee038add4f0694c3e8cbdefdaabfaaad7a74abca697e353366d85125968feec", "9616b0dabb5e189dfaa774799ff8e539a6f74a3730963d8e266712de7d51dfcd", "9dd24950cf5def3a310a2ce9a935bd75b49f658515f0862bc8df8855ded94a84", "a0bdd621b6fa08a1abbb2832460d8ffffcc94fadd7e914f6868e09f708943be3"], "ip": "206[.]191[.]152[.]38"}, {"hashes": ["235d6047ce8b66d0d8f0c8837994ddec77bc1850c4184d8994ed60acf8ec113f", "35369d5df6086d4c576405c115dd134a2901aafc8d8be06d7ea14b482455c5d4", "ad4e66b37f46895656b125920d9f513622c151363de201b1029a8070804c3f78", "bf9ad078be481bf9c4262d76180dcef55cbdcb694c1b3f38362089b62359f75a"], "ip": "94[.]250[.]250[.]103"}], "mutex": [], "registry": []}, "reports_count": 27}, "Win.Malware.Zusy-9840642-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "cmd-exe-file-execution", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175"], "mitre_attack_tags": ["TA0007", "T1016"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe. When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["0759ecfb6613a3788a6f29abde89858584c523a648e6e485ecfbb16493253428", "1347b8af6e6f11d08744c1696b3ec6ec358db7ba5093d93838657db7dec98be1", "165ac49ce6fb5a65b743a541cca30c88a1bc0c2b47967763b367228250810222", "17d90990ddfa4beb4173be61e014f45377ef1c7438cedc8198e3cbf4a0110fa7", "256aab086eaac76312b20c9cb2ee01c1f485bd22bfd9d1fe70f32f82451e25b6", "2f550378dd29e75997a393a537d162c7bfbb3c9542734366618503b9c110fafd", "3dbed7ef45630d856cbfc570e1602c24980c9aded9d206288b3c0b2316d29124", "3e158d390a6306522b9de279bd8558a43d9d3038d82e6847e066a213c4256746", "46e645ea2c939a24a6d1cb8fcf68c12203bd70affcfc744ddf1a10211f8a23ab", "5108b8d4f5860c4aa9f37cedccc78a707c41366f91d6f39988d433d073f61efb", "56535633c9a6435690fd92eafc1e4737207249c0ef3bed902868433551563727", "5785d0a5f8515d88c775b53a090b03ec11a34c6f6886be540dd59e2a488cab2c", "591b9542b2e8047755851732fc2c8d78b34c442744599b365d60930d5cd218a9", "7d797459aa96cd34efc556ac46e886c93a5f25d4e0ee585903e136a48c7ac61f", "7ef06cf9f5695ad678675616e8d23e99b8be0bf6c275e19e3f8047594566356d", "7f994cd2f83cce45389af12678a01462def3b50c8e1a98b935a5989494c57b77", "873854efc23ea4470a18c9f53bddfaf399077cb9267e913cae3f2f8b783091aa", "99597e6858975184102525fc8105286cab4a21bb078bd677c376ffc60ed2ba1f", "a2847c3e862af5cf55e80f420d207ae16f8214f02e797f0705f2dde8f250ab3e", "a8b20e0a2ee4f5e737524e5665529ba7f05b8983ab35e887592f7ace2f8bb169", "bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "c9eb2b1874ccd21636a2f904a32165607ed19d4bc24ad69f5837312cd774424f", "d03433673b5520ebd96017c817f9b1df45fd45a4b6d2c2ef893df489b94623cc", "d18f3a70e4a59ed0748b63087548cad9f60101ed1267d56c5eaf89c4892a7458", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175", "e94210f60802f9fe04efbde94c2c78cfd5b871d0e806d6f0a02d818d3bf82459"], "iocs": {"domain": [], "file": [{"hashes": ["0759ecfb6613a3788a6f29abde89858584c523a648e6e485ecfbb16493253428", "1347b8af6e6f11d08744c1696b3ec6ec358db7ba5093d93838657db7dec98be1", "165ac49ce6fb5a65b743a541cca30c88a1bc0c2b47967763b367228250810222", "17d90990ddfa4beb4173be61e014f45377ef1c7438cedc8198e3cbf4a0110fa7", "256aab086eaac76312b20c9cb2ee01c1f485bd22bfd9d1fe70f32f82451e25b6", "2f550378dd29e75997a393a537d162c7bfbb3c9542734366618503b9c110fafd", "3dbed7ef45630d856cbfc570e1602c24980c9aded9d206288b3c0b2316d29124", "46e645ea2c939a24a6d1cb8fcf68c12203bd70affcfc744ddf1a10211f8a23ab", "5108b8d4f5860c4aa9f37cedccc78a707c41366f91d6f39988d433d073f61efb", "56535633c9a6435690fd92eafc1e4737207249c0ef3bed902868433551563727", "5785d0a5f8515d88c775b53a090b03ec11a34c6f6886be540dd59e2a488cab2c", "591b9542b2e8047755851732fc2c8d78b34c442744599b365d60930d5cd218a9", "7d797459aa96cd34efc556ac46e886c93a5f25d4e0ee585903e136a48c7ac61f", "7ef06cf9f5695ad678675616e8d23e99b8be0bf6c275e19e3f8047594566356d", "7f994cd2f83cce45389af12678a01462def3b50c8e1a98b935a5989494c57b77", "873854efc23ea4470a18c9f53bddfaf399077cb9267e913cae3f2f8b783091aa", "99597e6858975184102525fc8105286cab4a21bb078bd677c376ffc60ed2ba1f", "a2847c3e862af5cf55e80f420d207ae16f8214f02e797f0705f2dde8f250ab3e", "a8b20e0a2ee4f5e737524e5665529ba7f05b8983ab35e887592f7ace2f8bb169", "bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "c9eb2b1874ccd21636a2f904a32165607ed19d4bc24ad69f5837312cd774424f", "d03433673b5520ebd96017c817f9b1df45fd45a4b6d2c2ef893df489b94623cc", "d18f3a70e4a59ed0748b63087548cad9f60101ed1267d56c5eaf89c4892a7458", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175", "e94210f60802f9fe04efbde94c2c78cfd5b871d0e806d6f0a02d818d3bf82459"], "path": "%ProgramFiles(x86)%\\MachinerData"}], "ip": [{"hashes": ["3dbed7ef45630d856cbfc570e1602c24980c9aded9d206288b3c0b2316d29124"], "ip": "13[.]32[.]204[.]108"}], "mutex": [{"hashes": ["0759ecfb6613a3788a6f29abde89858584c523a648e6e485ecfbb16493253428", "1347b8af6e6f11d08744c1696b3ec6ec358db7ba5093d93838657db7dec98be1", "165ac49ce6fb5a65b743a541cca30c88a1bc0c2b47967763b367228250810222", "17d90990ddfa4beb4173be61e014f45377ef1c7438cedc8198e3cbf4a0110fa7", "256aab086eaac76312b20c9cb2ee01c1f485bd22bfd9d1fe70f32f82451e25b6", "2f550378dd29e75997a393a537d162c7bfbb3c9542734366618503b9c110fafd", "3dbed7ef45630d856cbfc570e1602c24980c9aded9d206288b3c0b2316d29124", "46e645ea2c939a24a6d1cb8fcf68c12203bd70affcfc744ddf1a10211f8a23ab", "5108b8d4f5860c4aa9f37cedccc78a707c41366f91d6f39988d433d073f61efb", "56535633c9a6435690fd92eafc1e4737207249c0ef3bed902868433551563727", "5785d0a5f8515d88c775b53a090b03ec11a34c6f6886be540dd59e2a488cab2c", "591b9542b2e8047755851732fc2c8d78b34c442744599b365d60930d5cd218a9", "7d797459aa96cd34efc556ac46e886c93a5f25d4e0ee585903e136a48c7ac61f", "7ef06cf9f5695ad678675616e8d23e99b8be0bf6c275e19e3f8047594566356d", "7f994cd2f83cce45389af12678a01462def3b50c8e1a98b935a5989494c57b77", "873854efc23ea4470a18c9f53bddfaf399077cb9267e913cae3f2f8b783091aa", "99597e6858975184102525fc8105286cab4a21bb078bd677c376ffc60ed2ba1f", "a2847c3e862af5cf55e80f420d207ae16f8214f02e797f0705f2dde8f250ab3e", "a8b20e0a2ee4f5e737524e5665529ba7f05b8983ab35e887592f7ace2f8bb169", "bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "c9eb2b1874ccd21636a2f904a32165607ed19d4bc24ad69f5837312cd774424f", "d03433673b5520ebd96017c817f9b1df45fd45a4b6d2c2ef893df489b94623cc", "d18f3a70e4a59ed0748b63087548cad9f60101ed1267d56c5eaf89c4892a7458", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175", "e94210f60802f9fe04efbde94c2c78cfd5b871d0e806d6f0a02d818d3bf82459"], "name": "Global\\<random guid>"}], "registry": [{"hashes": ["0759ecfb6613a3788a6f29abde89858584c523a648e6e485ecfbb16493253428", "1347b8af6e6f11d08744c1696b3ec6ec358db7ba5093d93838657db7dec98be1", "165ac49ce6fb5a65b743a541cca30c88a1bc0c2b47967763b367228250810222", "17d90990ddfa4beb4173be61e014f45377ef1c7438cedc8198e3cbf4a0110fa7", "256aab086eaac76312b20c9cb2ee01c1f485bd22bfd9d1fe70f32f82451e25b6", "2f550378dd29e75997a393a537d162c7bfbb3c9542734366618503b9c110fafd", "3dbed7ef45630d856cbfc570e1602c24980c9aded9d206288b3c0b2316d29124", "46e645ea2c939a24a6d1cb8fcf68c12203bd70affcfc744ddf1a10211f8a23ab", "5108b8d4f5860c4aa9f37cedccc78a707c41366f91d6f39988d433d073f61efb", "56535633c9a6435690fd92eafc1e4737207249c0ef3bed902868433551563727", "5785d0a5f8515d88c775b53a090b03ec11a34c6f6886be540dd59e2a488cab2c", "591b9542b2e8047755851732fc2c8d78b34c442744599b365d60930d5cd218a9", "7d797459aa96cd34efc556ac46e886c93a5f25d4e0ee585903e136a48c7ac61f", "7ef06cf9f5695ad678675616e8d23e99b8be0bf6c275e19e3f8047594566356d", "7f994cd2f83cce45389af12678a01462def3b50c8e1a98b935a5989494c57b77", "873854efc23ea4470a18c9f53bddfaf399077cb9267e913cae3f2f8b783091aa", "99597e6858975184102525fc8105286cab4a21bb078bd677c376ffc60ed2ba1f", "a2847c3e862af5cf55e80f420d207ae16f8214f02e797f0705f2dde8f250ab3e", "a8b20e0a2ee4f5e737524e5665529ba7f05b8983ab35e887592f7ace2f8bb169", "bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "c9eb2b1874ccd21636a2f904a32165607ed19d4bc24ad69f5837312cd774424f", "d03433673b5520ebd96017c817f9b1df45fd45a4b6d2c2ef893df489b94623cc", "d18f3a70e4a59ed0748b63087548cad9f60101ed1267d56c5eaf89c4892a7458", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175", "e94210f60802f9fe04efbde94c2c78cfd5b871d0e806d6f0a02d818d3bf82459"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MACHINER", "value_name": null}, {"hashes": ["0759ecfb6613a3788a6f29abde89858584c523a648e6e485ecfbb16493253428", "1347b8af6e6f11d08744c1696b3ec6ec358db7ba5093d93838657db7dec98be1", "165ac49ce6fb5a65b743a541cca30c88a1bc0c2b47967763b367228250810222", "17d90990ddfa4beb4173be61e014f45377ef1c7438cedc8198e3cbf4a0110fa7", "256aab086eaac76312b20c9cb2ee01c1f485bd22bfd9d1fe70f32f82451e25b6", "2f550378dd29e75997a393a537d162c7bfbb3c9542734366618503b9c110fafd", "3dbed7ef45630d856cbfc570e1602c24980c9aded9d206288b3c0b2316d29124", "46e645ea2c939a24a6d1cb8fcf68c12203bd70affcfc744ddf1a10211f8a23ab", "5108b8d4f5860c4aa9f37cedccc78a707c41366f91d6f39988d433d073f61efb", "56535633c9a6435690fd92eafc1e4737207249c0ef3bed902868433551563727", "5785d0a5f8515d88c775b53a090b03ec11a34c6f6886be540dd59e2a488cab2c", "591b9542b2e8047755851732fc2c8d78b34c442744599b365d60930d5cd218a9", "7d797459aa96cd34efc556ac46e886c93a5f25d4e0ee585903e136a48c7ac61f", "7ef06cf9f5695ad678675616e8d23e99b8be0bf6c275e19e3f8047594566356d", "7f994cd2f83cce45389af12678a01462def3b50c8e1a98b935a5989494c57b77", "873854efc23ea4470a18c9f53bddfaf399077cb9267e913cae3f2f8b783091aa", "99597e6858975184102525fc8105286cab4a21bb078bd677c376ffc60ed2ba1f", "a2847c3e862af5cf55e80f420d207ae16f8214f02e797f0705f2dde8f250ab3e", "a8b20e0a2ee4f5e737524e5665529ba7f05b8983ab35e887592f7ace2f8bb169", "bebcd2dfe662c7b62812b5fb85ed93e52b5eb837d647e3b6e7a95ec287c75364", "c9eb2b1874ccd21636a2f904a32165607ed19d4bc24ad69f5837312cd774424f", "d03433673b5520ebd96017c817f9b1df45fd45a4b6d2c2ef893df489b94623cc", "d18f3a70e4a59ed0748b63087548cad9f60101ed1267d56c5eaf89c4892a7458", "d7dff7408892c44160e471cae9c50db644de55b0e6391463af003b8697766175", "e94210f60802f9fe04efbde94c2c78cfd5b871d0e806d6f0a02d818d3bf82459"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MACHINER", "value_name": "id"}]}, "reports_count": 26}, "Win.Packed.Dridex-9841183-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "hook-installed", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "artifact-windows-task", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "possible-dga-communication", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "windows-os-reboot-detected", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0040", "T1529"]}, {"bi": "pe-header-timestamp-null", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "malware-dridex-detected", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea"], "mitre_attack_tags": ["TA0011", "T1102"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": ["273e78aecebe6b365e6140008709d38fc8db06a3c936a10ec16f9bdeea5dc292", "2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705", "dfd68989d8c731b0ea6de17e995271e32a70c304ec086de19ea49efeb15310f6", "e61329c07c2ad87b88df7a676d9802fdb79735c62a3a5ce034207533a9c91ec9"], "iocs": {"domain": [{"hashes": ["2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705"], "host": "pastebin[.]com"}, {"hashes": ["2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705"], "host": "www3[.]l[.]google[.]com"}, {"hashes": ["2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705"], "host": "w[.]google[.]com"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "host": "auto[.]au[.]download[.]windowsupdate[.]com[.]c[.]footprint[.]net"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "host": "cds[.]d2s7q6s2[.]hwcdn[.]net"}, {"hashes": ["913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3"], "host": "www[.]m1yds8goup[.]com"}, {"hashes": ["913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3"], "host": "www[.]chedwr0dpg[.]com"}, {"hashes": ["913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3"], "host": "www[.]fsxv1dmkwz[.]com"}, {"hashes": ["913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3"], "host": "www[.]goawzih5m5[.]com"}, {"hashes": ["913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3"], "host": "www[.]3melnibjsc[.]com"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3"], "host": "www[.]rdqpz0vn9d[.]com"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3"], "host": "www[.]tykpka6lil[.]com"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3"], "host": "www[.]k6y5yrtgv6[.]com"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3"], "host": "www[.]ttrmkymovi[.]com"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3"], "host": "www[.]kfxuc4hx2g[.]com"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3"], "host": "www[.]kjertmmeys[.]com"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3"], "host": "www[.]1oy4bx0zzv[.]com"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3"], "host": "www[.]ke3ig5thpq[.]com"}, {"hashes": ["b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d"], "host": "www[.]lqffccvhu5[.]com"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19"], "host": "www[.]cjmec0tlpi[.]com"}, {"hashes": ["b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d"], "host": "www[.]6xhxkpcpma[.]com"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19"], "host": "www[.]itj6lydif7[.]com"}, {"hashes": ["b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d"], "host": "www[.]a1yiss06on[.]com"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19"], "host": "www[.]damc8kpy9t[.]com"}, {"hashes": ["b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d"], "host": "www[.]yk5tv6zymi[.]com"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19"], "host": "www[.]opfk1e2yaq[.]com"}, {"hashes": ["b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d"], "host": "www[.]wc8vacyc76[.]com"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19"], "host": "www[.]ak1xmkmblh[.]com"}, {"hashes": ["b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d"], "host": "www[.]dnfuchhbre[.]com"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19"], "host": "www[.]rwjlwntlbd[.]com"}, {"hashes": ["b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d"], "host": "www[.]sixn9rfagh[.]com"}, {"hashes": ["b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d"], "host": "www[.]k8h5pexvrh[.]com"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19"], "host": "www[.]nyxb1dz5cj[.]com"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19"], "host": "www[.]0pryl8jv2t[.]com"}, {"hashes": ["ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "host": "www[.]h7ntrflwmk[.]com"}, {"hashes": ["be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "host": "www[.]v0ctfnrlku[.]com"}, {"hashes": ["ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "host": "www[.]cwpngax2h7[.]com"}, {"hashes": ["be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "host": "www[.]hqlwladhpu[.]com"}, {"hashes": ["ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "host": "www[.]nzkzygdohm[.]com"}, {"hashes": ["be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "host": "www[.]lo8zryskdl[.]com"}, {"hashes": ["ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "host": "www[.]aei9qk8c0w[.]com"}, {"hashes": ["be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "host": "www[.]flx1ecvswt[.]com"}, {"hashes": ["be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "host": "www[.]hfaii30zzv[.]com"}, {"hashes": ["ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "host": "www[.]htyigdrros[.]com"}, {"hashes": ["ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "host": "www[.]necf7cfjbd[.]com"}, {"hashes": ["ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "host": "www[.]tmgygv0o1l[.]com"}, {"hashes": ["ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "host": "www[.]x1mfiv0die[.]com"}, {"hashes": ["be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "host": "www[.]sbjxtpwvhh[.]com"}, {"hashes": ["be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "host": "www[.]akyhzcsjbx[.]com"}, {"hashes": ["be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "host": "www[.]byyutfuqaj[.]com"}], "file": [{"hashes": ["273e78aecebe6b365e6140008709d38fc8db06a3c936a10ec16f9bdeea5dc292", "2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705", "dfd68989d8c731b0ea6de17e995271e32a70c304ec086de19ea49efeb15310f6", "e61329c07c2ad87b88df7a676d9802fdb79735c62a3a5ce034207533a9c91ec9"], "path": "<malware cwd>\\old_<malware exe name> (copy)"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "path": "\\Temp\\HncDownload\\Update.log"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "path": "%ProgramData%\\Microsoft\\Windows\\SystemData\\S-1-5-18\\ReadOnly\\LockScreen_Z\\LockScreen___1024_0768_notdimmed.jpg (copy)"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "path": "%ProgramData%\\Microsoft\\Windows\\SystemData\\S-1-5-18\\ReadOnly\\LockScreen_Z\\~ockScreen___1024_0768_notdimmed.tmp"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "path": "%LOCALAPPDATA%\\Microsoft\\CLR_v2.0_32\\UsageLogs\\HncCheck.exe.log"}], "ip": [{"hashes": ["2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "ip": "173[.]194[.]175[.]102"}, {"hashes": ["2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c"], "ip": "173[.]194[.]175[.]138"}, {"hashes": ["914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705"], "ip": "173[.]194[.]175[.]113"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "173[.]194[.]175[.]100/31"}, {"hashes": ["795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d"], "ip": "205[.]185[.]216[.]42"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "173[.]194[.]207[.]113"}, {"hashes": ["2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "172[.]217[.]197[.]102"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "173[.]194[.]66[.]94"}, {"hashes": ["83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8"], "ip": "205[.]185[.]216[.]10"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "172[.]217[.]197[.]147"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "74[.]125[.]192[.]94"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "209[.]85[.]201[.]94"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "209[.]85[.]232[.]94"}, {"hashes": ["913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3"], "ip": "8[.]253[.]45[.]214"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "8[.]249[.]233[.]254"}, {"hashes": ["be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6"], "ip": "8[.]248[.]159[.]254"}, {"hashes": ["87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19"], "ip": "8[.]253[.]132[.]121"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "8[.]249[.]245[.]254"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "173[.]194[.]205[.]95"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "172[.]217[.]222[.]132"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "173[.]194[.]207[.]84"}, {"hashes": ["9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b"], "ip": "74[.]125[.]155[.]105"}], "mutex": [{"hashes": ["273e78aecebe6b365e6140008709d38fc8db06a3c936a10ec16f9bdeea5dc292", "2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705", "dfd68989d8c731b0ea6de17e995271e32a70c304ec086de19ea49efeb15310f6", "e61329c07c2ad87b88df7a676d9802fdb79735c62a3a5ce034207533a9c91ec9"], "name": "<random, matching [A-Z0-9]{10}>"}], "registry": [{"hashes": ["273e78aecebe6b365e6140008709d38fc8db06a3c936a10ec16f9bdeea5dc292", "2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705", "dfd68989d8c731b0ea6de17e995271e32a70c304ec086de19ea49efeb15310f6", "e61329c07c2ad87b88df7a676d9802fdb79735c62a3a5ce034207533a9c91ec9"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["273e78aecebe6b365e6140008709d38fc8db06a3c936a10ec16f9bdeea5dc292", "2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705", "dfd68989d8c731b0ea6de17e995271e32a70c304ec086de19ea49efeb15310f6", "e61329c07c2ad87b88df7a676d9802fdb79735c62a3a5ce034207533a9c91ec9"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["273e78aecebe6b365e6140008709d38fc8db06a3c936a10ec16f9bdeea5dc292", "2cd9b2d9ddfc9fa3f75c4829bccaac0a27840ca9fa83a5448aa3fdf29e545e98", "69d7e712be93bec826ab557052313f29af0ad4dbb84f54f62543bb4545c686ea", "77cf960d5ee90452d78f0929f4072079c3cfe84dfd8249e0c70a4800dd518aaa", "795477e99fb32f612f262d82c5fc95deda3f1ee2a2ef315a53d22bd8c9923ab3", "83474bc61eb436f59bce4cf1258c00d5606601f22f2a3ddc836c32a0421d19d8", "87204c96fae66d5a5ce21400d8f955caaf9fb82763ebf3e76a4c28269dad1b19", "913b6d60db12e310f8ed32c305705704a3e405eab8ca7969c5d5d0592fd5dee3", "914e65f35736f3fdb7bba0a290a02751ad6a3a0a10cac85434c0afc04bcc92d1", "9ffb732aebcbe347657133e5743799c26df78793ec98884134268db8e06cad2b", "abbc6d65b9589c68253cfa7038617834b8d4df0bfd81bd5b1623e37fcabe402c", "b8cfe2fc17e25d98193f783dcd738d7267652fa906eaceb040967883c3df6a2d", "bc99c80a8d7044530e355e7c363e75391045cdc2a5affb2c7a10b36cc09de4f3", "be0e27636f0ea96cc074487f83d5a65dd0ed021d649d869f095208a43c5cb4a6", "ca55f6464757493505ebf72ab37403ed8a2b689a3f044159b29eb2994c7e4b6d", "cda7f652de1d14d0a46b5da801dcc0151311dd9ea4074b3bade983422bfca705", "dfd68989d8c731b0ea6de17e995271e32a70c304ec086de19ea49efeb15310f6", "e61329c07c2ad87b88df7a676d9802fdb79735c62a3a5ce034207533a9c91ec9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}]}, "reports_count": 18}, "Win.Packed.Tofsee-9840468-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "dns-query-nxdomain", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-dns-category-file-storage", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "listening-port-opened", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-compound-cta-activity", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-generic", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "sc-service-create", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "new-service-launched", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "sc-service-create-execute", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-smtp-spambot-v2", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-snort-server", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-non-standard-port", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0011", "T1571"]}, {"bi": "network-communications-http-post", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "double-url-detected", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "excessive-tcp-connections", "hashes": ["7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "network-dns-category-proxy", "hashes": ["6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d"], "mitre_attack_tags": []}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "eml-mismatched-name-from-header", "hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "netbios-query", "hashes": ["6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "iocs": {"domain": [{"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "schema[.]org"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "accounts[.]google[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "drive[.]google[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "mail[.]google[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "maps[.]google[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "microsoft[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "news[.]google[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "play[.]google[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "www[.]youtube[.]com"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "www[.]google[.]com"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "msr[.]pool-pay[.]com"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "z-p42-instagram[.]c10r[.]facebook[.]com"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "www[.]instagram[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "www[.]google[.]fr"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d"], "host": "market[.]yandex[.]ru"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "api[.]sendspace[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "app[.]snapchat[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "work[.]a-poster[.]info"}, {"hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "alt3[.]gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "ip[.]pr-cy[.]hacklix[.]com"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "www[.]amazon[.]com"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "118[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb"], "host": "e15316[.]e22[.]akamaiedge[.]net"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "amazon[.]com"}, {"hashes": ["3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d"], "host": "feelinsonice[.]l[.]google[.]com"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d"], "host": "alt1[.]gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8"], "host": "116[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb"], "host": "www[.]google[.]co[.]uk"}, {"hashes": ["6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d"], "host": "115[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "host": "119[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "d3ag4hukkh62yn[.]cloudfront[.]net"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4"], "host": "signup[.]live[.]com"}, {"hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4"], "host": "www[.]amazon[.]ae"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "host": "www[.]kickz[.]com"}, {"hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "host": "www[.]luisaviaroma[.]com"}, {"hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "host": "alt2[.]gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb"], "host": "login[.]live[.]com"}, {"hashes": ["7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb"], "host": "lumtest[.]com"}, {"hashes": ["6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4"], "host": "alt4[.]gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "smtp[.]nyshcr[.]org"}, {"hashes": ["d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "mx[.]nyshcr[.]org"}, {"hashes": ["d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "host": "smtpauth[.]nyshcr[.]org"}], "file": [{"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "path": "%System32%\\config\\systemprofile:.repos"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "path": "%TEMP%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "path": "%System32%\\<random, matching '[a-z]{8}\\[a-z]{6,8}'>.exe (copy)"}, {"hashes": ["c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d"], "path": "%TEMP%\\jlgmfsc.exe"}, {"hashes": ["eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "path": "%TEMP%\\rtounak.exe"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae"], "path": "%TEMP%\\vxsyreo.exe"}], "ip": [{"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "157[.]240[.]18[.]174"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "172[.]217[.]12[.]132"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "67[.]195[.]204[.]72/30"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "5[.]9[.]72[.]48"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "130[.]0[.]232[.]208"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "144[.]76[.]108[.]82"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "185[.]254[.]190[.]218"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "176[.]9[.]119[.]47"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "157[.]240[.]2[.]174"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "172[.]217[.]197[.]106"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "172[.]217[.]10[.]67"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "172[.]217[.]197[.]103"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "172[.]217[.]197[.]147"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "172[.]217[.]197[.]99"}, {"hashes": ["3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "212[.]227[.]15[.]17"}, {"hashes": ["563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "213[.]209[.]1[.]129"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "203[.]36[.]172[.]106"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d"], "ip": "87[.]250[.]250[.]22"}, {"hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "74[.]125[.]71[.]26/31"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "194[.]25[.]134[.]8/31"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "209[.]85[.]233[.]26/31"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "35[.]162[.]106[.]154"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "216[.]239[.]36[.]126"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "142[.]250[.]4[.]26/31"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "172[.]217[.]197[.]104/31"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "104[.]47[.]37[.]33"}, {"hashes": ["3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d"], "ip": "104[.]70[.]85[.]16"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "67[.]195[.]228[.]94"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d"], "ip": "64[.]233[.]186[.]26/31"}, {"hashes": ["3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "194[.]25[.]134[.]72/31"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d"], "ip": "67[.]195[.]204[.]82/31"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "163[.]172[.]32[.]74"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "142[.]251[.]9[.]27"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "172[.]64[.]103[.]30"}, {"hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "172[.]64[.]102[.]30"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "ip": "68[.]87[.]20[.]5"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "96[.]114[.]157[.]80"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "ip": "74[.]208[.]5[.]20/31"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "104[.]47[.]70[.]33"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "ip": "67[.]195[.]204[.]79"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "98[.]136[.]96[.]92"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "ip": "47[.]43[.]26[.]7"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "ip": "212[.]227[.]15[.]9"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "ip": "64[.]233[.]184[.]27"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "ip": "67[.]195[.]204[.]77"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "ip": "188[.]125[.]72[.]74"}], "mutex": [], "registry": [{"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae", "271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102", "563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d", "59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d", "61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8", "6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4", "7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d", "c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d", "d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10", "eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["3e30d8161b24b957254b37d23c34c045e90bc4d8aa0475dc479cc1985f4d0e47", "a7c21d784caff9a2c6e1baaa77f544bd532a8fb48be0a62480c0e7278d900f3d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\jcqwvdjy"}, {"hashes": ["6308ca8901f9d0ec5dcf5831c0b016b1992535a05977949ddfa67a66b09470c4"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\gzntsagv"}, {"hashes": ["7b782d02e6ff6d56139663c74b03e57f517b305fc78b2b54aff90a4952cdb6eb"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\exlrqyet"}, {"hashes": ["563bbef37b9b7578a75170ee0a05e3655a1f97ed5df3882c229ef1b4f375c16d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\kdrxwekz"}, {"hashes": ["59baffc524a5e9853bd26cfb3272d3b3bcb50c4a84002e4853affbf2855e584d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\tmagfnti"}, {"hashes": ["61e0604d33d33b189d984da00e393472b328233c41af921f8b14eab9b928d4b8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\zsgmltzo"}, {"hashes": ["eaf4c97da44d07dacf2f639e845bcdfa869cd09f1a069ba16f3f99954c245419"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\yrflksyn"}, {"hashes": ["271ea89850fffcb08deab3cc8296bcbeb144603e77280847a89504678f40a102"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\rkyedlrg"}, {"hashes": ["d08017aa9a9b0f146c422c66b33347b35d47ee9c98b2b36aad4554356043ec10"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\fymsrzfu"}, {"hashes": ["1c7901421275b33dbae9698ac798a8fdcc4999fdbd04bcd8d221c70fb75c91ae"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\mftzygmb"}, {"hashes": ["c2c35746fe97baf481b6d8cd6281a7d9542c187de80e6d2aad04f06c79841e5d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\cvjpowcr"}]}, "reports_count": 12}, "Win.Spyware.Zbot-9840421-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["aeaa3ca819bb66d0b37c3431b1f2f06292f2ef5d087953d421bff33daea4d05a", "5a236442f530936ccc7e9a14a26ac6dc4f6f02a11330f25c3c9e419a4563d552", "086dbeb4f3e6b35380143a6544188ee595fc8cfdd4953225a78620eb536289e6", "8ac5cfda7819b7f982e0da37494baf2fac075a32cf245fa732ff3e18a2027038", "9dffc20f428c686f9cb23e661e84a4685bc30753c974b93ae888b5fd4fd3839c", "673f3e45b7658625d8ccac690740b92e6be40661d684d0cfcb0115a5b69d6776", "5373c7db5436d8bacdca6ab5c641f81098f47e9dedd96e69cd4a2d1a67c94148", "7155b2bf1f3f12bb43e2dc14e97d654c96632f015111bc5df1aa8a3092e3709b", "9f568cc3b8ebc6d459507dc82cbcbdf281f9026b0c3a102be356e42c414f0c0a", "3ffaa4a54e3c545b5d909311336dc9aa8bf3df5b9b6ed5c588cd9b37d3ed875c", "2489553cd8989ab972e401217d9de6ca9d4066bc5c9968a404295ef5d485744d", "2364f9888c9eb3151922a9a3604ecb0e58599b98b6d0f2945e7b12ad1eaf55c1", "99d874daee72df966dc53ffb6e32672bb3568ac3c58fb56cce34329cb3538137", "36bf2a512750368b9172755f207ea9c16a8b2a35a48c5d32d0d62ad4af8a5ad0", "2a1a35f142ac65ac1f5fb2455feee3a3d91320aae6f590d7420cbcc6bab931d4", "8cef6afdfbe964f5839d1f616578a5a648d24152c483b4291c954585b612e53d", "0cb2fa3faed99b9357ed49700e6ea1ea7bfca1142c119c8efd5ade39af168d48", "786c63680d8479cc659709f118c03c1785a700fc690861d851b63d46f4d14fa2", "2fa0a901e5fe7ee8fa15ff714df7e91954194aac9fffb0ab9d532f20b0c4b6c4", "6bb31571dfbc84cb6286e9e57e781326792d1b218125b32a4a46a390aa173471", "6a57ed2c0966ac30b926b317e6f338874772f48e1d2a4e7edf374e521793d2d9", "81fb97b88520f85d7b8f23a119e410785a99646362bc532d034fb0e3ad581211", "7b7b3078f9ced8cd158ed3cf3c86c2a21425b88c717db7b064746ac7eeb20bca", "72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0", "38e75a4b1a9568ca953376efdb22944db7f2a7829b513f4a1fbf94ba6cc11bcf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["aeaa3ca819bb66d0b37c3431b1f2f06292f2ef5d087953d421bff33daea4d05a", "5a236442f530936ccc7e9a14a26ac6dc4f6f02a11330f25c3c9e419a4563d552", "086dbeb4f3e6b35380143a6544188ee595fc8cfdd4953225a78620eb536289e6", "8ac5cfda7819b7f982e0da37494baf2fac075a32cf245fa732ff3e18a2027038", "9dffc20f428c686f9cb23e661e84a4685bc30753c974b93ae888b5fd4fd3839c", "673f3e45b7658625d8ccac690740b92e6be40661d684d0cfcb0115a5b69d6776", "5373c7db5436d8bacdca6ab5c641f81098f47e9dedd96e69cd4a2d1a67c94148", "7155b2bf1f3f12bb43e2dc14e97d654c96632f015111bc5df1aa8a3092e3709b", "9f568cc3b8ebc6d459507dc82cbcbdf281f9026b0c3a102be356e42c414f0c0a", "3ffaa4a54e3c545b5d909311336dc9aa8bf3df5b9b6ed5c588cd9b37d3ed875c", "2489553cd8989ab972e401217d9de6ca9d4066bc5c9968a404295ef5d485744d", "2364f9888c9eb3151922a9a3604ecb0e58599b98b6d0f2945e7b12ad1eaf55c1", "99d874daee72df966dc53ffb6e32672bb3568ac3c58fb56cce34329cb3538137", "36bf2a512750368b9172755f207ea9c16a8b2a35a48c5d32d0d62ad4af8a5ad0", "2a1a35f142ac65ac1f5fb2455feee3a3d91320aae6f590d7420cbcc6bab931d4", "8cef6afdfbe964f5839d1f616578a5a648d24152c483b4291c954585b612e53d", "0cb2fa3faed99b9357ed49700e6ea1ea7bfca1142c119c8efd5ade39af168d48", "786c63680d8479cc659709f118c03c1785a700fc690861d851b63d46f4d14fa2", "2fa0a901e5fe7ee8fa15ff714df7e91954194aac9fffb0ab9d532f20b0c4b6c4", "6bb31571dfbc84cb6286e9e57e781326792d1b218125b32a4a46a390aa173471", "6a57ed2c0966ac30b926b317e6f338874772f48e1d2a4e7edf374e521793d2d9", "81fb97b88520f85d7b8f23a119e410785a99646362bc532d034fb0e3ad581211", "7b7b3078f9ced8cd158ed3cf3c86c2a21425b88c717db7b064746ac7eeb20bca", "72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0", "38e75a4b1a9568ca953376efdb22944db7f2a7829b513f4a1fbf94ba6cc11bcf"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["aeaa3ca819bb66d0b37c3431b1f2f06292f2ef5d087953d421bff33daea4d05a", "5a236442f530936ccc7e9a14a26ac6dc4f6f02a11330f25c3c9e419a4563d552", "086dbeb4f3e6b35380143a6544188ee595fc8cfdd4953225a78620eb536289e6", "8ac5cfda7819b7f982e0da37494baf2fac075a32cf245fa732ff3e18a2027038", "9dffc20f428c686f9cb23e661e84a4685bc30753c974b93ae888b5fd4fd3839c", "673f3e45b7658625d8ccac690740b92e6be40661d684d0cfcb0115a5b69d6776", "5373c7db5436d8bacdca6ab5c641f81098f47e9dedd96e69cd4a2d1a67c94148", "7155b2bf1f3f12bb43e2dc14e97d654c96632f015111bc5df1aa8a3092e3709b", "9f568cc3b8ebc6d459507dc82cbcbdf281f9026b0c3a102be356e42c414f0c0a", "3ffaa4a54e3c545b5d909311336dc9aa8bf3df5b9b6ed5c588cd9b37d3ed875c", "2489553cd8989ab972e401217d9de6ca9d4066bc5c9968a404295ef5d485744d", "2364f9888c9eb3151922a9a3604ecb0e58599b98b6d0f2945e7b12ad1eaf55c1", "99d874daee72df966dc53ffb6e32672bb3568ac3c58fb56cce34329cb3538137", "36bf2a512750368b9172755f207ea9c16a8b2a35a48c5d32d0d62ad4af8a5ad0", "2a1a35f142ac65ac1f5fb2455feee3a3d91320aae6f590d7420cbcc6bab931d4", "8cef6afdfbe964f5839d1f616578a5a648d24152c483b4291c954585b612e53d", "0cb2fa3faed99b9357ed49700e6ea1ea7bfca1142c119c8efd5ade39af168d48", "786c63680d8479cc659709f118c03c1785a700fc690861d851b63d46f4d14fa2", "2fa0a901e5fe7ee8fa15ff714df7e91954194aac9fffb0ab9d532f20b0c4b6c4", "6bb31571dfbc84cb6286e9e57e781326792d1b218125b32a4a46a390aa173471", "6a57ed2c0966ac30b926b317e6f338874772f48e1d2a4e7edf374e521793d2d9", "81fb97b88520f85d7b8f23a119e410785a99646362bc532d034fb0e3ad581211", "7b7b3078f9ced8cd158ed3cf3c86c2a21425b88c717db7b064746ac7eeb20bca", "72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0", "38e75a4b1a9568ca953376efdb22944db7f2a7829b513f4a1fbf94ba6cc11bcf"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["aeaa3ca819bb66d0b37c3431b1f2f06292f2ef5d087953d421bff33daea4d05a", "5a236442f530936ccc7e9a14a26ac6dc4f6f02a11330f25c3c9e419a4563d552", "086dbeb4f3e6b35380143a6544188ee595fc8cfdd4953225a78620eb536289e6", "8ac5cfda7819b7f982e0da37494baf2fac075a32cf245fa732ff3e18a2027038", "9dffc20f428c686f9cb23e661e84a4685bc30753c974b93ae888b5fd4fd3839c", "673f3e45b7658625d8ccac690740b92e6be40661d684d0cfcb0115a5b69d6776", "5373c7db5436d8bacdca6ab5c641f81098f47e9dedd96e69cd4a2d1a67c94148", "7155b2bf1f3f12bb43e2dc14e97d654c96632f015111bc5df1aa8a3092e3709b", "9f568cc3b8ebc6d459507dc82cbcbdf281f9026b0c3a102be356e42c414f0c0a", "3ffaa4a54e3c545b5d909311336dc9aa8bf3df5b9b6ed5c588cd9b37d3ed875c", "2489553cd8989ab972e401217d9de6ca9d4066bc5c9968a404295ef5d485744d", "2364f9888c9eb3151922a9a3604ecb0e58599b98b6d0f2945e7b12ad1eaf55c1", "99d874daee72df966dc53ffb6e32672bb3568ac3c58fb56cce34329cb3538137", "36bf2a512750368b9172755f207ea9c16a8b2a35a48c5d32d0d62ad4af8a5ad0", "2a1a35f142ac65ac1f5fb2455feee3a3d91320aae6f590d7420cbcc6bab931d4", "8cef6afdfbe964f5839d1f616578a5a648d24152c483b4291c954585b612e53d", "0cb2fa3faed99b9357ed49700e6ea1ea7bfca1142c119c8efd5ade39af168d48", "786c63680d8479cc659709f118c03c1785a700fc690861d851b63d46f4d14fa2", "2fa0a901e5fe7ee8fa15ff714df7e91954194aac9fffb0ab9d532f20b0c4b6c4", "6bb31571dfbc84cb6286e9e57e781326792d1b218125b32a4a46a390aa173471", "6a57ed2c0966ac30b926b317e6f338874772f48e1d2a4e7edf374e521793d2d9", "81fb97b88520f85d7b8f23a119e410785a99646362bc532d034fb0e3ad581211", "7b7b3078f9ced8cd158ed3cf3c86c2a21425b88c717db7b064746ac7eeb20bca", "72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0", "38e75a4b1a9568ca953376efdb22944db7f2a7829b513f4a1fbf94ba6cc11bcf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["aeaa3ca819bb66d0b37c3431b1f2f06292f2ef5d087953d421bff33daea4d05a", "5a236442f530936ccc7e9a14a26ac6dc4f6f02a11330f25c3c9e419a4563d552", "086dbeb4f3e6b35380143a6544188ee595fc8cfdd4953225a78620eb536289e6", "8ac5cfda7819b7f982e0da37494baf2fac075a32cf245fa732ff3e18a2027038", "9dffc20f428c686f9cb23e661e84a4685bc30753c974b93ae888b5fd4fd3839c", "673f3e45b7658625d8ccac690740b92e6be40661d684d0cfcb0115a5b69d6776", "5373c7db5436d8bacdca6ab5c641f81098f47e9dedd96e69cd4a2d1a67c94148", "7155b2bf1f3f12bb43e2dc14e97d654c96632f015111bc5df1aa8a3092e3709b", "9f568cc3b8ebc6d459507dc82cbcbdf281f9026b0c3a102be356e42c414f0c0a", "3ffaa4a54e3c545b5d909311336dc9aa8bf3df5b9b6ed5c588cd9b37d3ed875c", "2489553cd8989ab972e401217d9de6ca9d4066bc5c9968a404295ef5d485744d", "2364f9888c9eb3151922a9a3604ecb0e58599b98b6d0f2945e7b12ad1eaf55c1", "99d874daee72df966dc53ffb6e32672bb3568ac3c58fb56cce34329cb3538137", "36bf2a512750368b9172755f207ea9c16a8b2a35a48c5d32d0d62ad4af8a5ad0", "2a1a35f142ac65ac1f5fb2455feee3a3d91320aae6f590d7420cbcc6bab931d4", "8cef6afdfbe964f5839d1f616578a5a648d24152c483b4291c954585b612e53d", "0cb2fa3faed99b9357ed49700e6ea1ea7bfca1142c119c8efd5ade39af168d48", "786c63680d8479cc659709f118c03c1785a700fc690861d851b63d46f4d14fa2", "2fa0a901e5fe7ee8fa15ff714df7e91954194aac9fffb0ab9d532f20b0c4b6c4", "6bb31571dfbc84cb6286e9e57e781326792d1b218125b32a4a46a390aa173471", "6a57ed2c0966ac30b926b317e6f338874772f48e1d2a4e7edf374e521793d2d9", "81fb97b88520f85d7b8f23a119e410785a99646362bc532d034fb0e3ad581211", "7b7b3078f9ced8cd158ed3cf3c86c2a21425b88c717db7b064746ac7eeb20bca", "72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["7b7b3078f9ced8cd158ed3cf3c86c2a21425b88c717db7b064746ac7eeb20bca"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "malware-known-trojan-av", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-deleted-used-batch", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "cmd-exe-file-execution", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-resource-lang-russian", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "eml-same-sender-recipient", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "enumeration-email-program-information", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "outlook-express-com-server", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0009", "TA0003", "TA0004", "T1114", "T1546"]}, {"bi": "eml-link", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "eml-mismatched-name-to-header", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["38e75a4b1a9568ca953376efdb22944db7f2a7829b513f4a1fbf94ba6cc11bcf"], "mitre_attack_tags": []}], "category": "Spyware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zbot, also known as Zeus, is a trojan that steals information, such as banking credentials, using methods such as key-logging and form-grabbing.", "hashes": ["086dbeb4f3e6b35380143a6544188ee595fc8cfdd4953225a78620eb536289e6", "0cb2fa3faed99b9357ed49700e6ea1ea7bfca1142c119c8efd5ade39af168d48", "2364f9888c9eb3151922a9a3604ecb0e58599b98b6d0f2945e7b12ad1eaf55c1", "2489553cd8989ab972e401217d9de6ca9d4066bc5c9968a404295ef5d485744d", "2a1a35f142ac65ac1f5fb2455feee3a3d91320aae6f590d7420cbcc6bab931d4", "2fa0a901e5fe7ee8fa15ff714df7e91954194aac9fffb0ab9d532f20b0c4b6c4", "36bf2a512750368b9172755f207ea9c16a8b2a35a48c5d32d0d62ad4af8a5ad0", "38e75a4b1a9568ca953376efdb22944db7f2a7829b513f4a1fbf94ba6cc11bcf", "3ffaa4a54e3c545b5d909311336dc9aa8bf3df5b9b6ed5c588cd9b37d3ed875c", "5373c7db5436d8bacdca6ab5c641f81098f47e9dedd96e69cd4a2d1a67c94148", "5a236442f530936ccc7e9a14a26ac6dc4f6f02a11330f25c3c9e419a4563d552", "673f3e45b7658625d8ccac690740b92e6be40661d684d0cfcb0115a5b69d6776", "6a57ed2c0966ac30b926b317e6f338874772f48e1d2a4e7edf374e521793d2d9", "6bb31571dfbc84cb6286e9e57e781326792d1b218125b32a4a46a390aa173471", "7155b2bf1f3f12bb43e2dc14e97d654c96632f015111bc5df1aa8a3092e3709b", "72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0", "786c63680d8479cc659709f118c03c1785a700fc690861d851b63d46f4d14fa2", "7b7b3078f9ced8cd158ed3cf3c86c2a21425b88c717db7b064746ac7eeb20bca", "81fb97b88520f85d7b8f23a119e410785a99646362bc532d034fb0e3ad581211", "8ac5cfda7819b7f982e0da37494baf2fac075a32cf245fa732ff3e18a2027038", "8cef6afdfbe964f5839d1f616578a5a648d24152c483b4291c954585b612e53d", "99d874daee72df966dc53ffb6e32672bb3568ac3c58fb56cce34329cb3538137", "9dffc20f428c686f9cb23e661e84a4685bc30753c974b93ae888b5fd4fd3839c", "9f568cc3b8ebc6d459507dc82cbcbdf281f9026b0c3a102be356e42c414f0c0a", "aeaa3ca819bb66d0b37c3431b1f2f06292f2ef5d087953d421bff33daea4d05a", "af27c6079b6d96c92c4c61504f1db61deccbcd1c97ea0c2e4d2d516be76ade0c", "bb3bb43154d1e9c7e3e8537f3d342b02edd3ed5440c820ebd99769e4c363bae8", "c44197eb493995c08278cadb6b4a79fa5dbef4bcd3758075b3419a21fabf7e25", "cfe4d9d716e708bcbadce3077438a99a3e127243909c18cdbf5a869ab97a2164", "d1eda4b42f5969ea1c9f15ae4805eb227fa063f0bed4817744c7f75e98c41437", "d3f1c6a30d91ce005ef119a7f1ac85e5b8510ce4d4555a50d9db5ee1b5fdcf22", "da6ce04bc319ed27124df562850841379a66f31a602347b8cfd2ddc3fe9349a4", "dada5774922a53cb051deb8861e7febffd76aae98576bd66203fdbd979d30773", "e54ed29085b51c60b041f3cfe45d37f80da3d7a8ad5f18b7d0d75497571caca8", "e707c558d392b051f383b5e0c5aa2f44191d8bd0af09e321ccdb140754419565", "e88930765252df57dae4044aac45da2c760f5e9481af288de0a929d0a2d3b1c1", "ebcce5461dc53dac57a5f38516960299bbe5b273afbb7086465cdf1a12f24bb6", "f178e62571924de9678ef971c8164d8991426bf790f30ac8e9a0f55aa7a9983a", "f5f3410555606048625f5cd406d905f326261a390f74b8c18c6d0fc56b3be709", "f7942088dc2efd8a2b23b96da25b648156761f8cbe23d42992d32d8e68005579", "ffa9caa8c52cde3404a1139c933d0757a5a4833f0315b77b7a5959b8e9670d00"], "iocs": {"domain": [{"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "host": "go[.]microsoft[.]com"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "host": "approvaldesignteam1[.]com"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "host": "ghgng43fgjl82309dfg99df4[.]com"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "host": "ghgng44fgjl82509dfg90df[.]com"}], "file": [{"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%TEMP%\\ppcrlui_1108_2"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%TEMP%\\ppcrlui_1108_2.ui"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%APPDATA%\\Uzfy"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows Mail\\Local Folders\\Inbox\\3FBE5FC4-00000001.eml"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows Mail\\Local Folders\\Inbox\\3FBE5FC4-00000001.eml:OECustomProperty"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%APPDATA%\\Doanwo\\idaq.ytw"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%TEMP%\\tmpdb853b4f.bat"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%APPDATA%\\Doanwo"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%APPDATA%\\Ugorel"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%APPDATA%\\Ugorel\\ucfy.exe"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "path": "%APPDATA%\\Uzfy\\huabx.aba"}], "ip": [], "mutex": [{"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "name": "GLOBAL\\{<random GUID>}"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "name": "Local\\{<random GUID>}"}], "registry": [{"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PRIVACY", "value_name": "CleanCookies"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Yreqhupy"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\YZCO", "value_name": "Ciifuq"}, {"hashes": ["72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\YZCO", "value_name": null}]}, "reports_count": 25}, "Win.Trojan.Zegost-9840609-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05", "a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-invalid-checksum", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05", "a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05", "a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05", "a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "modified-executable", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-file-in-program-dir", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05"], "mitre_attack_tags": []}, {"bi": "files-created-batch", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-autorun-key-bat-file", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe.\" When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["0a23f7f118563e505bfa822035b533f3bbb2e0cbc102dfb2d3549ee79db2c74b", "0aa9328fe3389516d2fd282e56138b9c130d368e82ea70dd9419667b19b191fb", "15e497d04bd67acedf599fbdbcf16ce5f71e1ba0f1d001282b7e4bd6d9e3e8e9", "2387accc86adf52eeb9a74114e0c153732dbb4d50064c1d020faa51580adc4ab", "36c65ee22789d37e92d6fbcc135eb6fd3a9cee15bb01727607ff65f06e29adbf", "3d6172eab86b890404efea00baa9f39de291ab1c31b65bce1d5a15419a2dab6e", "537eaf4e525ea7d75823181020c47c57e959b248ed2c9ac84b29c7d6c42a8001", "6749e8fa7a8d6d26b282caff8e51ffaa3508caa2c5f77bcb7ca619921a152c83", "a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db", "c1d4338fb9c6697e129499664ea108524fb0fa4b2c46182dc87c4c2bb06358c5", "c6ab181425933c831575fd11d1f07ca5b6c8de80e9d544143a5ddc3081587f6d", "c89b76b189cb388e323df3f8055ccad897158c5b485afa01711b87fc47620255", "d96135894616742836f8c0520c4db3a925623dba9ae6e60dcfd10a299406ac3b", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05", "eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef"], "iocs": {"domain": [{"hashes": ["c1d4338fb9c6697e129499664ea108524fb0fa4b2c46182dc87c4c2bb06358c5", "d96135894616742836f8c0520c4db3a925623dba9ae6e60dcfd10a299406ac3b"], "host": "ceo[.]ok85[.]cn"}, {"hashes": ["15e497d04bd67acedf599fbdbcf16ce5f71e1ba0f1d001282b7e4bd6d9e3e8e9", "c89b76b189cb388e323df3f8055ccad897158c5b485afa01711b87fc47620255"], "host": "niaopi[.]f3322[.]net"}, {"hashes": ["3d6172eab86b890404efea00baa9f39de291ab1c31b65bce1d5a15419a2dab6e"], "host": "www[.]aabao[.]top"}, {"hashes": ["2387accc86adf52eeb9a74114e0c153732dbb4d50064c1d020faa51580adc4ab"], "host": "a[.]yxwbyt[.]com"}, {"hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef"], "host": "www[.]ddoss[.]top[.]ddoss[.]top"}], "file": [{"hashes": ["0a23f7f118563e505bfa822035b533f3bbb2e0cbc102dfb2d3549ee79db2c74b", "0aa9328fe3389516d2fd282e56138b9c130d368e82ea70dd9419667b19b191fb", "15e497d04bd67acedf599fbdbcf16ce5f71e1ba0f1d001282b7e4bd6d9e3e8e9", "2387accc86adf52eeb9a74114e0c153732dbb4d50064c1d020faa51580adc4ab", "36c65ee22789d37e92d6fbcc135eb6fd3a9cee15bb01727607ff65f06e29adbf", "3d6172eab86b890404efea00baa9f39de291ab1c31b65bce1d5a15419a2dab6e", "537eaf4e525ea7d75823181020c47c57e959b248ed2c9ac84b29c7d6c42a8001", "6749e8fa7a8d6d26b282caff8e51ffaa3508caa2c5f77bcb7ca619921a152c83", "c1d4338fb9c6697e129499664ea108524fb0fa4b2c46182dc87c4c2bb06358c5", "c6ab181425933c831575fd11d1f07ca5b6c8de80e9d544143a5ddc3081587f6d", "c89b76b189cb388e323df3f8055ccad897158c5b485afa01711b87fc47620255", "d96135894616742836f8c0520c4db3a925623dba9ae6e60dcfd10a299406ac3b", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05", "eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef"], "path": "%ProgramFiles%\\mysqldata\\123.bat"}, {"hashes": ["0a23f7f118563e505bfa822035b533f3bbb2e0cbc102dfb2d3549ee79db2c74b", "0aa9328fe3389516d2fd282e56138b9c130d368e82ea70dd9419667b19b191fb", "15e497d04bd67acedf599fbdbcf16ce5f71e1ba0f1d001282b7e4bd6d9e3e8e9", "2387accc86adf52eeb9a74114e0c153732dbb4d50064c1d020faa51580adc4ab", "36c65ee22789d37e92d6fbcc135eb6fd3a9cee15bb01727607ff65f06e29adbf", "3d6172eab86b890404efea00baa9f39de291ab1c31b65bce1d5a15419a2dab6e", "537eaf4e525ea7d75823181020c47c57e959b248ed2c9ac84b29c7d6c42a8001", "6749e8fa7a8d6d26b282caff8e51ffaa3508caa2c5f77bcb7ca619921a152c83", "c1d4338fb9c6697e129499664ea108524fb0fa4b2c46182dc87c4c2bb06358c5", "c6ab181425933c831575fd11d1f07ca5b6c8de80e9d544143a5ddc3081587f6d", "c89b76b189cb388e323df3f8055ccad897158c5b485afa01711b87fc47620255", "d96135894616742836f8c0520c4db3a925623dba9ae6e60dcfd10a299406ac3b", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05", "eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef"], "path": "%ProgramFiles%\\mysqldata\\server.exe"}, {"hashes": ["0a23f7f118563e505bfa822035b533f3bbb2e0cbc102dfb2d3549ee79db2c74b", "0aa9328fe3389516d2fd282e56138b9c130d368e82ea70dd9419667b19b191fb", "15e497d04bd67acedf599fbdbcf16ce5f71e1ba0f1d001282b7e4bd6d9e3e8e9", "2387accc86adf52eeb9a74114e0c153732dbb4d50064c1d020faa51580adc4ab", "36c65ee22789d37e92d6fbcc135eb6fd3a9cee15bb01727607ff65f06e29adbf", "3d6172eab86b890404efea00baa9f39de291ab1c31b65bce1d5a15419a2dab6e", "537eaf4e525ea7d75823181020c47c57e959b248ed2c9ac84b29c7d6c42a8001", "6749e8fa7a8d6d26b282caff8e51ffaa3508caa2c5f77bcb7ca619921a152c83", "c1d4338fb9c6697e129499664ea108524fb0fa4b2c46182dc87c4c2bb06358c5", "c6ab181425933c831575fd11d1f07ca5b6c8de80e9d544143a5ddc3081587f6d", "c89b76b189cb388e323df3f8055ccad897158c5b485afa01711b87fc47620255", "d96135894616742836f8c0520c4db3a925623dba9ae6e60dcfd10a299406ac3b", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05", "eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef"], "path": "%ProgramFiles%\\mysqldata"}], "ip": [{"hashes": ["0a23f7f118563e505bfa822035b533f3bbb2e0cbc102dfb2d3549ee79db2c74b", "0aa9328fe3389516d2fd282e56138b9c130d368e82ea70dd9419667b19b191fb"], "ip": "123[.]249[.]45[.]228"}, {"hashes": ["15e497d04bd67acedf599fbdbcf16ce5f71e1ba0f1d001282b7e4bd6d9e3e8e9", "c89b76b189cb388e323df3f8055ccad897158c5b485afa01711b87fc47620255"], "ip": "104[.]149[.]23[.]9"}, {"hashes": ["3d6172eab86b890404efea00baa9f39de291ab1c31b65bce1d5a15419a2dab6e"], "ip": "107[.]151[.]214[.]247"}, {"hashes": ["d96135894616742836f8c0520c4db3a925623dba9ae6e60dcfd10a299406ac3b"], "ip": "183[.]131[.]83[.]31"}, {"hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef"], "ip": "171[.]214[.]11[.]85"}], "mutex": [{"hashes": ["0a23f7f118563e505bfa822035b533f3bbb2e0cbc102dfb2d3549ee79db2c74b", "0aa9328fe3389516d2fd282e56138b9c130d368e82ea70dd9419667b19b191fb"], "name": "np+gq5+hlquhoqufn5XN"}, {"hashes": ["c1d4338fb9c6697e129499664ea108524fb0fa4b2c46182dc87c4c2bb06358c5", "d96135894616742836f8c0520c4db3a925623dba9ae6e60dcfd10a299406ac3b"], "name": "8PLsq+zolaKr8OvN"}, {"hashes": ["2387accc86adf52eeb9a74114e0c153732dbb4d50064c1d020faa51580adc4ab", "36c65ee22789d37e92d6fbcc135eb6fd3a9cee15bb01727607ff65f06e29adbf"], "name": "7qvW1eTv1uGr8OzqzQ=="}, {"hashes": ["15e497d04bd67acedf599fbdbcf16ce5f71e1ba0f1d001282b7e4bd6d9e3e8e9", "c89b76b189cb388e323df3f8055ccad897158c5b485afa01711b87fc47620255"], "name": "6+bu7N3mq/OgoJ+fq+vy4c0="}, {"hashes": ["3d6172eab86b890404efea00baa9f39de291ab1c31b65bce1d5a15419a2dab6e"], "name": "5OTkq+7u7+7sq+Hs3c0="}, {"hashes": ["eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef"], "name": "5OTkq/Hx7ODgq+Hs3avx8ezg4Kvh7N3N"}, {"hashes": ["dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05"], "name": "5OTkq6Ojo6Oe5Ozs7Omr8OzqzQ=="}, {"hashes": ["a62e78411c35c33b30e55063918e75e234e25d88195b46df97db9c00581162db"], "name": "Global\\c3a98be1-8310-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["0a23f7f118563e505bfa822035b533f3bbb2e0cbc102dfb2d3549ee79db2c74b", "0aa9328fe3389516d2fd282e56138b9c130d368e82ea70dd9419667b19b191fb", "15e497d04bd67acedf599fbdbcf16ce5f71e1ba0f1d001282b7e4bd6d9e3e8e9", "2387accc86adf52eeb9a74114e0c153732dbb4d50064c1d020faa51580adc4ab", "36c65ee22789d37e92d6fbcc135eb6fd3a9cee15bb01727607ff65f06e29adbf", "3d6172eab86b890404efea00baa9f39de291ab1c31b65bce1d5a15419a2dab6e", "537eaf4e525ea7d75823181020c47c57e959b248ed2c9ac84b29c7d6c42a8001", "6749e8fa7a8d6d26b282caff8e51ffaa3508caa2c5f77bcb7ca619921a152c83", "c1d4338fb9c6697e129499664ea108524fb0fa4b2c46182dc87c4c2bb06358c5", "c6ab181425933c831575fd11d1f07ca5b6c8de80e9d544143a5ddc3081587f6d", "c89b76b189cb388e323df3f8055ccad897158c5b485afa01711b87fc47620255", "d96135894616742836f8c0520c4db3a925623dba9ae6e60dcfd10a299406ac3b", "dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05", "eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mysqldata"}]}, "reports_count": 15}, "Win.Virus.Xpiro-9840486-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "enumeration-browser-information", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552"]}, {"bi": "pe-uses-dot-net", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-action-center-disabled", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-imports-toolhelp", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-service-type-modified", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "malware-xpiro-mutex", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "malware-trojan-xpiro-compound", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": []}, {"bi": "registry-disable-smartscreen", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-imports-virtual-disk-api-dll", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-with-multiple-children", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37"], "mitre_attack_tags": ["TA0005"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "iocs": {"domain": [], "file": [{"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\alg.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\dllhost.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\ieetwcollector.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\msdtc.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\msiexec.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\snmptrap.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\sppsvc.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\vds.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\wbem\\WmiApSrv.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\wbengine.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%SystemRoot%\\ehome\\ehrecvr.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%SystemRoot%\\ehome\\ehsched.exe"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\ncjookla.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\pijiegfa.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\afaqkaok.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\amhadgcp.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\ighnagcm.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\iibndipn.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\jiianoje.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\kefbfhkg.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\kfefgkli.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\llopmkim.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\qfemblig.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\cpkcoelj.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\nlfifejp.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\7-Zip\\dklkkafp.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\7-Zip\\klonohhl.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\7-Zip\\nklemblo.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\7-Zip\\nnknaeep.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\MSInfo\\gakpqfhp.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\OFFICE14\\nimidobm.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\VSTO\\10.0\\knqknjlo.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\akaajeom.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\eqiodbdg.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\gdaoemja.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\onakajab.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\DVD Maker\\gmoggjie.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Internet Explorer\\emdpmifb.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Internet Explorer\\odadaonc.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\aglddoil.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\bhlnifll.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\onnmbqjl.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\ckillgah.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\feqkbkgm.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\gnciljmn.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%System32%\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%SystemRoot%\\microsoft.net\\framework\\v2.0.50727\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v2.0.50727\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%SystemRoot%\\microsoft.net\\framework\\v4.0.30319\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v4.0.30319\\<random, matching '[a-z]{8}'>.tmp"}], "ip": [], "mutex": [{"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx63"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx64"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx65"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx66"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx67"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx68"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx69"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx70"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx71"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx72"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx73"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx74"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx75"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx76"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx77"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx78"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx79"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx80"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx81"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx82"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx83"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx84"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx85"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx86"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx87"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx88"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx89"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx90"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx91"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx92"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx93"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx94"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx95"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx96"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx97"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx98"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx99"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "gazavat-svc"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx31"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx32"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx33"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx34"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx35"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx36"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx37"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx38"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "kkq-vx_mtx39"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "gazavat-svc_31"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "Global\\WIATRACE_MUTEX"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "name": "00f2bea0-8394-4b51-9979-2a0d4c78cf4e"}], "registry": [{"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IEETWCOLLECTORSERVICE", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IEETWCOLLECTORSERVICE", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\UI0DETECT", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\UI0DETECT", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VDS", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VDS", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WBENGINE", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WBENGINE", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIAPSRV", "value_name": "Type"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIAPSRV", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\SYSTEM", "value_name": "EnableSmartScreen"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": null}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "EnableNotifications"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Start"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\STATE", "value_name": "AccumulatedWaitIdleTime"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\LISTENEDSTATE", "value_name": "RootstoreDirty"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\STATE", "value_name": "AccumulatedWaitIdleTime"}, {"hashes": ["0a02e9ff2470c87e6713b09e7e99652c497d1e5eeb5ccbdd527b289c871cf4a7", "13bd2fa278f7d0b76d813a689d1f70a58d962eb3d0958ef190b17457e2cd4d8f", "39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "5e98e799e86a45e116b92f12a3de23dc9e3c4277e0905b068d76500adadb9b2f", "619d9389ddc28121761c04013dc87d57de06b267fd4f88b68aa3844395faaa10", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8", "8ecfa25626cd017f47d2c4697fc5b1cef207a30a93cf34c71b8f5a7b8b265270", "8fb66857237c75f91b98f015ad0c921b81b9c675f107cb26d88b792e90373c37", "97015bd3b326c7a149acdedd86793e9f6dfeadf714a183ec6dbf5ef8539c8f75", "c7027c531dfe86334180062dc17b4259f9c103076cbb35edc1d5d46a54721553", "d144a2d806f787aed58f5b9373bb63989c435510256a79eb4e6417b08e017879", "e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\LISTENEDSTATE", "value_name": "RootstoreDirty"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\1", "value_name": "Status"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MSCORLIB, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\0", "value_name": "Scenario"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MSCORLIB, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\0", "value_name": "Status"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MSCORLIB, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\0", "value_name": "RuntimeVersion"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MSCORLIB, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\0", "value_name": "ImageList"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\0", "value_name": "Scenario"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\0", "value_name": "Status"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\0", "value_name": "RuntimeVersion"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089\\0", "value_name": "ImageList"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\MSCORLIB, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089", "value_name": "Status"}, {"hashes": ["39f05a3801197ca302764e303c23b71079f8d2d58f4def0c54b37a2e133d48c1", "6afbdc965e8e4146a81bd388b7385cb8340ddf9826d56a7f2cd14c5e68ca63f8"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\ROOTS\\SYSTEM, VERSION=4.0.0.0, CULTURE=NEUTRAL, PUBLICKEYTOKEN=B77A5C561934E089", "value_name": "Status"}]}, "reports_count": 12}, "exprev": [{"count": 11916, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 2673, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 2527, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 1344, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 826, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 682, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 593, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 214, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 144, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 109, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 57, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 29, "description": "Houdini/HWORM detected. This worm uses an obfuscated VBScript to drop additional malware such as njRAT.", "name": "Houdini/HWORM detected"}, {"count": 26, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 19, "description": "A site commonly used by fileless malware to download additional data has been detected. Several different families of malware have been observed using these sites to download additional stages to inject into other processes.", "name": "Possible fileless malware download"}, {"count": 11, "description": "Smoke Loader has been detected. Smokeloader is used mainly to execute other malicious software, like ransomware or cryptocurrency miners. Its initial infection vector is usually an email with a malicious Microsoft Word document or delivered through an exploit kit. Smokeloader uses various plugins designed to steal data from its victims, particularly credentials stored on the system or transfered over HTTP, HTTPS, FTP, SMTP, POP3 or IMAP.", "name": "Smoke Loader detected"}, {"count": 10, "description": "A malware dropper has been detected. A dropper will download or unpack addtional malware during it's execution. A variety of techniques can be employed for the payload to gain persistence and escalate privelege if neccessary.", "name": "Malware dropper detected"}, {"count": 9, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 9, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 7, "description": "Command line options indicating usage of XMRig Miner have been detected. Malware sometimes uses compromised hosts to mine for cryptocurrency on behalf of the attacker.", "name": "XMRig Miner Detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2021-03-19T17:59:46+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Spyware.Zbot-9840421-0", "Win.Packed.Dridex-9841183-1", "Win.Packed.Tofsee-9840468-0", "Win.Virus.Xpiro-9840486-1", "Win.Dropper.Remcos-9840541-0", "Win.Trojan.Zegost-9840609-0", "Win.Malware.Zusy-9840642-0", "Win.Malware.Ursnif-9841720-0", "Win.Malware.Kovter-9841885-0"]}