{"Win.Downloader.Banload-9846782-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-file-in-system-dir", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "network-communications-http-get", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c"], "mitre_attack_tags": []}, {"bi": "network-dns-category-harmful", "hashes": ["82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-uploaded", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "url-forced-download-prompt", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": []}, {"bi": "js-uses-fromcharcode", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-uses-eval", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-massive-strings", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-uses-encrypt-decrypt", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-excessive-javascript-function-declaration", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "js-tostring-method-detected", "hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4"], "mitre_attack_tags": []}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Banload is a banking trojan believed to be developed by Brazilian cybercriminals and is used primarily to infect machines in Latin America. One notable aspect of Banload is its use of custom kernel-drivers to evade detection.", "hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "iocs": {"domain": [{"hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "host": "atualiizer[.]100free[.]com"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "host": "www[.]bing[.]com"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "www3[.]l[.]google[.]com"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "www[.]gstatic[.]com"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "pagead46[.]l[.]doubleclick[.]net"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "googleads[.]g[.]doubleclick[.]net"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "adservice[.]google[.]com"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "www[.]google[.]com[.]br"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "plus[.]l[.]google[.]com"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "apis[.]google[.]com"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "host": "20009ft[.]com"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "adservice[.]google[.]com[.]br"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "ogs[.]google[.]com[.]br"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "host": "play[.]google[.]com"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "host": "www[.]google[.]com"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "host": "fonts[.]gstatic[.]com"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "host": "ssl[.]gstatic[.]com"}, {"hashes": ["79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4"], "host": "upkl[.]201w[.]com"}, {"hashes": ["82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c"], "host": "k1pack[.]awardspace[.]com"}, {"hashes": ["4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030"], "host": "www[.]corehost[.]com[.]br"}, {"hashes": ["79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4"], "host": "num2[.]17986[.]net"}, {"hashes": ["f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "host": "corehost[.]com[.]br"}], "file": [{"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "path": "%SystemRoot%\\SysWOW64\\crls"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "path": "%SystemRoot%\\SysWOW64\\pics"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "path": "%SystemRoot%\\SysWOW64\\pics\\cards"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "path": "%SystemRoot%\\SysWOW64\\pics\\svchostt.avi"}, {"hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "path": "%SystemRoot%\\SysWOW64\\crls\\crls.exe"}, {"hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "82e4b9eec8ce45fa217f4bfe065087e601ecbec59bcdbbbaf0bf9023ce9b3c3c", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "path": "%SystemRoot%\\SysWOW64\\pics\\cards\\isaas.avi"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "path": "%SystemRoot%\\SysWOW64\\PrBypasS.dll"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "path": "%SystemRoot%\\SysWOW64\\SysteM.exe"}], "ip": [{"hashes": ["4fbd5b9f4b6fc12e109c1f0b711401a90dbae06427b33e6d472d0968a0a67a8e", "6a5577acf9fa2383aff69a89528437e19d925a617bc175cd64e084307f77d0d5", "bc8c8889e370b69061489e3d2f478d0126ae15cf6efa740193d0b06a98088218", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "ip": "205[.]134[.]173[.]66"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030", "aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "ip": "172[.]217[.]10[.]35"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "209[.]85[.]201[.]94"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "ip": "173[.]194[.]207[.]101"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "173[.]194[.]204[.]94"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "209[.]85[.]144[.]157"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "ip": "173[.]194[.]175[.]138/31"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13", "f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "34[.]212[.]89[.]14"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "ip": "172[.]217[.]10[.]66"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "ip": "172[.]217[.]6[.]206"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "ip": "172[.]217[.]10[.]110"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "ip": "172[.]217[.]10[.]46"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "ip": "172[.]217[.]10[.]3"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "ip": "172[.]217[.]11[.]35"}, {"hashes": ["f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "173[.]194[.]207[.]139"}, {"hashes": ["f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "173[.]194[.]206[.]157"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "ip": "172[.]217[.]11[.]4"}, {"hashes": ["c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "ip": "172[.]217[.]197[.]106"}, {"hashes": ["c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "ip": "172[.]217[.]197[.]138"}, {"hashes": ["f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "173[.]194[.]175[.]157"}, {"hashes": ["c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "ip": "74[.]125[.]192[.]94"}, {"hashes": ["f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "173[.]194[.]175[.]100"}, {"hashes": ["aa270b649a24b18087439c7c44eb1d25bfe1e7390851e2a0f90b3e45b664bd3f"], "ip": "142[.]250[.]80[.]3"}, {"hashes": ["c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "ip": "172[.]217[.]222[.]132"}, {"hashes": ["4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030"], "ip": "131[.]253[.]33[.]200"}, {"hashes": ["f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "52[.]43[.]72[.]100"}, {"hashes": ["79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4"], "ip": "104[.]160[.]174[.]190"}, {"hashes": ["c22e42572995f3c1f36531c4f3626742b0c2a1f4f7a6708f03dfe13989d610ea"], "ip": "173[.]194[.]207[.]84"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13"], "ip": "172[.]217[.]197[.]156/31"}, {"hashes": ["f3460d8b80016a6babb713ff793ed20f9a1c52924bbc11be86a67363dbb0ddd9"], "ip": "52[.]85[.]149[.]98"}, {"hashes": ["1ab100ea0c58f92f09c3b1ef06b4bbc9915fd7f877cb7624ee23ef0ea91f5d13"], "ip": "52[.]38[.]43[.]101"}, {"hashes": ["4d25207402fcd112e88fd1b3610553408e2a5da707b308b6bb43aeb549d92030"], "ip": "192[.]185[.]215[.]2"}, {"hashes": ["79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4"], "ip": "5[.]62[.]44[.]238"}, {"hashes": ["79fb9bf6ff6a69d77de997c4a26d84a387699755e6781c6936dd6de5971aaad4"], "ip": "52[.]206[.]193[.]220"}], "mutex": [], "registry": []}, "reports_count": 10}, "Win.Malware.Kovter-9845338-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "wmi-process-create", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "TA0002", "T1218", "T1047"]}, {"bi": "process-long-cmdline", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-armadillo", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-submitted-file", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "registry-autorun-key-modified", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-created-vbs", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "potential-registry-script-execution", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "powershell-invoke-expression-environment", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": []}, {"bi": "powershell-invoke-expression", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "vbs-creates-and-runs", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-windows-script-launched", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "files-created-batch", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "startup-folder-modification", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "startup-folder-lnk-file", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "startup-folder-vbs-file", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-shell-default-file-handler-created", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "process-check-virtualbox", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-kovter-registry", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "registry-script-detected", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "TA0002", "T1112", "T1059"]}, {"bi": "process-mshta-cmdline-script", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1218"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "mshta-in-registry", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1112", "T1218"]}, {"bi": "file-handler-registration", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "files-deleted-used-vbs", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "network-file-uploaded", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-numeric-ip", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "http-response-client-error", "hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": []}, {"bi": "network-private-ip-address", "hashes": ["48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "excessive-tcp-connections", "hashes": ["48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.", "hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "iocs": {"domain": [], "file": [{"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%LOCALAPPDATA%\\4dd3cc"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%LOCALAPPDATA%\\4dd3cc\\519d0f.bat"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%LOCALAPPDATA%\\4dd3cc\\8e9866.8ca9d79"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%LOCALAPPDATA%\\4dd3cc\\d95adb.lnk"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\91b4e5.lnk"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%APPDATA%\\b08d66"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%APPDATA%\\b08d66\\0b3c0b.8ca9d79"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Octopus.vbs"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%TEMP%\\Octopus.txt"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%TEMP%\\Octopus.vbs"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%TEMP%\\cpy.vbs"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b"], "path": "%LOCALAPPDATA%\\4c1c13\\2059f9.bat"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b"], "path": "%LOCALAPPDATA%\\4c1c13\\648826.59ebfae"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b"], "path": "%LOCALAPPDATA%\\4c1c13\\81905c.lnk"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\f1cd71.lnk"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b"], "path": "%APPDATA%\\ebbbd3\\2feee3.59ebfae"}, {"hashes": ["f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%APPDATA%\\cbb9ec\\ef9b33.319aa3d"}, {"hashes": ["f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\b19ed2\\5b5a11.319aa3d"}, {"hashes": ["f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\b19ed2\\a92069.lnk"}, {"hashes": ["f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\b19ed2\\d9da95.bat"}, {"hashes": ["f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\c6acd6.lnk"}, {"hashes": ["f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\Octopus.vbs"}], "ip": [{"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "16[.]6[.]63[.]101"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "21[.]250[.]19[.]72"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "48[.]158[.]253[.]61"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "126[.]200[.]101[.]202"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "210[.]16[.]163[.]148"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "54[.]89[.]52[.]195"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "15[.]20[.]52[.]109"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "90[.]32[.]49[.]185"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "204[.]11[.]235[.]84"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "100[.]57[.]150[.]19"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "150[.]89[.]130[.]64"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "34[.]99[.]159[.]215"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "138[.]223[.]39[.]20"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "115[.]151[.]147[.]12"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "5[.]132[.]76[.]153"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "99[.]84[.]157[.]119"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "50[.]214[.]65[.]50"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "81[.]231[.]205[.]81"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "216[.]191[.]54[.]122"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "157[.]168[.]106[.]53"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "73[.]167[.]154[.]220"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "216[.]206[.]166[.]7"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "37[.]35[.]132[.]115"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "2[.]221[.]237[.]157"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "204[.]102[.]233[.]139"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "149[.]29[.]155[.]81"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "191[.]12[.]184[.]218"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "116[.]224[.]219[.]236"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "26[.]114[.]41[.]155"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "67[.]220[.]20[.]212"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "147[.]55[.]20[.]182"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "176[.]19[.]129[.]160"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "176[.]116[.]74[.]227"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "70[.]75[.]13[.]205"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "46[.]90[.]76[.]205"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "45[.]82[.]19[.]99"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "29[.]224[.]152[.]230"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "171[.]167[.]132[.]188"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "148[.]151[.]22[.]97"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "195[.]168[.]96[.]153"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "72[.]185[.]255[.]43"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "26[.]227[.]245[.]124"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "75[.]188[.]29[.]166"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "164[.]180[.]25[.]141"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "97[.]238[.]200[.]60"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "86[.]162[.]28[.]155"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "157[.]195[.]235[.]31"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "150[.]204[.]69[.]27"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "209[.]50[.]203[.]129"}, {"hashes": ["ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "ip": "45[.]101[.]114[.]122"}], "mutex": [{"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "EA4EC370D1E573DA"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "A83BAA13F950654C"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "Global\\7A7146875A8CDE1E"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "B3E8F6F86CDD9D8B"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "OByZwKVrV"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "iPJAqez"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "rrZgrgj"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b"], "name": "563CCFFF6B36C3AB"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b"], "name": "2070A5364843D9D3"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b"], "name": "Global\\B2A01B9EB1B404AD"}, {"hashes": ["f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "Global\\9F84EBC0DC30D3FA"}, {"hashes": ["f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "CF2F399CCFD46369"}, {"hashes": ["f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "name": "8450CD062CD6D8BB"}], "registry": [{"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": "DisableOSUpgrade"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": "ReservationsAllowed"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "xedvpa"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "xedvpa"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCR>\\.8CA9D79", "value_name": ""}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000vrxzdhbyv"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ssishoff"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "tbqjcmuct"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "tbqjcmuct"}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": null}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": null}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": null}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCR>\\C3B616", "value_name": null}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCR>\\C3B616\\SHELL", "value_name": null}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCR>\\C3B616\\SHELL\\OPEN", "value_name": null}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCR>\\C3B616\\SHELL\\OPEN\\COMMAND", "value_name": null}, {"hashes": ["1300c962a03a4099017b5a5e2a3bed9a90a697dd41225da8762254eb4672c646", "15cb8f599ed80224fb24091933d68e206dc6e279a4d4512484d9dd31945bb950", "26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f", "2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0", "3c07b43aaef53c14bdbc10ae21740070319d05d9821ae4731c42042861c25536", "3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39", "42581bde3d6d22851443ccf2940a0408aacd9fc8eb3a592e62464f47dafe6576", "48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151", "5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e", "6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "87cb6b69ed9a495c07d65a1b64b69023859d2dcf1615d052b53931e70683fa5e", "92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d", "f2040be43fbf67a7a66e9d530ad539a88e74e61b28db97fc9397b14f2e93c538"], "key": "<HKCR>\\.8CA9D79", "value_name": null}, {"hashes": ["6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "lujyoqmfl"}, {"hashes": ["6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76", "e603b132e8700e7ac5bd875eaf1da1e9d106e191f0a463ba94f828db1849480b", "ede6b4693e61cd08e91a2abfd846b7162ce1f263f32e4ef4604de3c77f31303d"], "key": "<HKCU>\\SOFTWARE\\XVYG", "value_name": "lujyoqmfl"}, {"hashes": ["26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\1B21DAD32ACEFC37", "value_name": "827CA526E3C26A5394D2"}, {"hashes": ["26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\L7ZCKDV", "value_name": "cYmslSvq4"}, {"hashes": ["2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\WNECRBHM3A", "value_name": "SRxcEUfP"}, {"hashes": ["2f3eea82005405ecc358e98f3b07c77773ffe94b5ed3702e54d1ab5cdc6f89f0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\WNECRBHM3A", "value_name": "DCBRKn1"}, {"hashes": ["26fff24f78cb3386f0510a4f5b67ca8a194820e86bdaef18a8fb85166e84fa9f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\L7ZCKDV", "value_name": "7ramW9r"}, {"hashes": ["48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\BAE137569D1293C2", "value_name": null}, {"hashes": ["48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\YYVINZ04B", "value_name": null}, {"hashes": ["48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\BAE137569D1293C2", "value_name": "D59BCBAF0AD3BD54A41"}, {"hashes": ["48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\YYVINZ04B", "value_name": "PuKHsIwPZF"}, {"hashes": ["48d34fb1301914c623760787d9d98f64cd37a0adc639017a6bcec2d2726cc151"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\YYVINZ04B", "value_name": "i6se2zW"}, {"hashes": ["6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\ED13F3234DE84A58D", "value_name": null}, {"hashes": ["6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\YN46ENQYR", "value_name": null}, {"hashes": ["6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\ED13F3234DE84A58D", "value_name": "F89768005B73384572"}, {"hashes": ["6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\YN46ENQYR", "value_name": "HLu4DYgtwI"}, {"hashes": ["6f79da35f423864eb34a942f5a907c18059708262682ce97fd45aa064bea0d76"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\YN46ENQYR", "value_name": "kmIELR"}, {"hashes": ["3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\9D087E2C239A3F932", "value_name": null}, {"hashes": ["3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\Y1HN8UI", "value_name": null}, {"hashes": ["3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\9D087E2C239A3F932", "value_name": "9B1B8ECC2B9B85A6D"}, {"hashes": ["5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\C67FA0837DC5004E0", "value_name": null}, {"hashes": ["5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\WBRMQGBCS", "value_name": null}, {"hashes": ["5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\C67FA0837DC5004E0", "value_name": "5D3C42251C313CA69"}, {"hashes": ["3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\Y1HN8UI", "value_name": "NgW77xTJZ"}, {"hashes": ["3cb4925d431eb2fae05d4ba1ce7b1fa68d99bb5987cd32e98a882e4cac95aa39"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\Y1HN8UI", "value_name": "bLsju61"}, {"hashes": ["92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\2ED6C78C5E90619457", "value_name": null}, {"hashes": ["92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\6NPMSYLZZH", "value_name": null}, {"hashes": ["92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\2ED6C78C5E90619457", "value_name": "3CB1CC966B63F700AD3A"}, {"hashes": ["5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\WBRMQGBCS", "value_name": "GRIW6e"}, {"hashes": ["5d2a6d8d3564069e724fa822949c1fdf454c6354e63d66817f21abf00b4ce62e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\WBRMQGBCS", "value_name": "ILDTPc"}, {"hashes": ["92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\6NPMSYLZZH", "value_name": "XEeOfu0tT9"}, {"hashes": ["92a7adb7899dddca4a943dd4fa3ccc3f0de17a14f90decdf7fd73dd9c684f152"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\6NPMSYLZZH", "value_name": "KcMU3K8tQa"}]}, "reports_count": 15}, "Win.Malware.Tofsee-9845289-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "dns-query-nxdomain", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot-v2", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-dns-category-file-storage", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "listening-port-opened", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "excessive-tcp-connections", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "cmd-exe-file-execution", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-compound-cta-activity", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-generic", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "sc-service-create", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "new-service-launched", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-domain-detected", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "sc-service-create-execute", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "iocs": {"domain": [{"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "host": "www[.]google[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "host": "msr[.]pool-pay[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "host": "z-p42-instagram[.]c10r[.]facebook[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "host": "www[.]instagram[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "host": "117[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "host": "market[.]yandex[.]ru"}, {"hashes": ["17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "host": "119[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6"], "host": "work[.]a-poster[.]info"}, {"hashes": ["17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6"], "host": "www[.]google[.]dk"}, {"hashes": ["1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "host": "feelinsonice[.]l[.]google[.]com"}, {"hashes": ["1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "host": "app[.]snapchat[.]com"}, {"hashes": ["17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56"], "host": "ip[.]pr-cy[.]hacklix[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "host": "alt2[.]gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2"], "host": "mxs[.]mail[.]ru"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22"], "host": "e6225[.]x[.]akamaiedge[.]net"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "host": "www[.]amazon[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "host": "www[.]google[.]co[.]uk"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108"], "host": "signin[.]ea[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "host": "www[.]google[.]cl"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108"], "host": "www[.]google[.]ru"}, {"hashes": ["44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2"], "host": "e15316[.]e22[.]akamaiedge[.]net"}, {"hashes": ["fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "host": "www[.]google[.]no"}, {"hashes": ["1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71"], "host": "www[.]google[.]ae"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "host": "gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551"], "host": "www[.]google[.]com[.]tr"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108"], "host": "d3ag4hukkh62yn[.]cloudfront[.]net"}, {"hashes": ["a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "host": "alt1[.]gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "host": "sso[.]godaddy[.]com"}, {"hashes": ["561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1"], "host": "prod[.]ros[.]rockstargames[.]com"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108"], "host": "www2[.]l[.]google[.]com"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108"], "host": "trends[.]google[.]com"}, {"hashes": ["6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c"], "host": "tpop-api[.]twitter[.]com"}, {"hashes": ["6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c"], "host": "api[.]twitter[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "host": "ios[.]prod[.]ftl[.]netflix[.]com"}, {"hashes": ["c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6"], "host": "alt4[.]gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "host": "alt3[.]gmail-smtp-in[.]l[.]google[.]com"}, {"hashes": ["ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56"], "host": "www[.]americanas[.]com[.]br"}, {"hashes": ["3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551"], "host": "dlsq0ztllwnya[.]cloudfront[.]net"}, {"hashes": ["3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551"], "host": "www[.]amazon[.]ae"}, {"hashes": ["6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c"], "host": "api-2-0-0[.]twitter[.]com"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108"], "host": "gateway[.]ea[.]com"}, {"hashes": ["2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f"], "host": "www[.]citilink[.]ru"}, {"hashes": ["ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56"], "host": "e96427[.]dscb[.]akamaiedge[.]net"}, {"hashes": ["c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6"], "host": "oliverdock[.]com"}, {"hashes": ["c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "host": "imap[.]gmx[.]net"}, {"hashes": ["a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "host": "emailssl-farm16[.]kinghost[.]net"}, {"hashes": ["a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "host": "outlook-exo[.]trafficmanager[.]net"}, {"hashes": ["a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "host": "mail[.]multi-capital[.]ma"}, {"hashes": ["a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "host": "mail[.]novalar[.]com[.]br"}, {"hashes": ["a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "host": "smtp-mail[.]outlook[.]com"}], "file": [{"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "path": "%TEMP%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "path": "\\Device\\ConDrv"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "path": "%System32%\\config\\systemprofile:.repos"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "path": "%System32%\\<random, matching '[a-z]{8}\\[a-z]{6,8}'>.exe (copy)"}, {"hashes": ["2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f"], "path": "%TEMP%\\uwrxqdn.exe"}, {"hashes": ["c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6"], "path": "%System32%\\mleuxps\\godhusbb.exe (copy)"}, {"hashes": ["1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71"], "path": "%System32%\\zjdkfht\\pysxpojf.exe (copy)"}], "ip": [{"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "5[.]9[.]72[.]48"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "130[.]0[.]232[.]208"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "144[.]76[.]108[.]82"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "185[.]254[.]190[.]218"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "176[.]9[.]119[.]47"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "172[.]217[.]197[.]106"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "172[.]217[.]197[.]147"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "172[.]217[.]197[.]99"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "ip": "157[.]240[.]2[.]174"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "ip": "172[.]217[.]197[.]103"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "104[.]47[.]126[.]33"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "87[.]250[.]250[.]22"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "98[.]136[.]96[.]92/31"}, {"hashes": ["17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "173[.]194[.]66[.]94"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "67[.]195[.]228[.]106"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "188[.]125[.]72[.]74"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6"], "ip": "37[.]1[.]217[.]172"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "66[.]102[.]1[.]26"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551"], "ip": "188[.]125[.]72[.]73"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "47[.]43[.]26[.]7"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "142[.]250[.]4[.]26"}, {"hashes": ["1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "216[.]239[.]36[.]126"}, {"hashes": ["44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "172[.]217[.]197[.]104/31"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "96[.]114[.]157[.]80"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "203[.]36[.]137[.]234"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "82[.]57[.]200[.]133"}, {"hashes": ["3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "203[.]36[.]172[.]106"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2"], "ip": "212[.]227[.]15[.]17"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "212[.]227[.]15[.]9"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "47[.]43[.]18[.]9"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "212[.]227[.]17[.]8"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551"], "ip": "172[.]217[.]197[.]94"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "209[.]85[.]202[.]26/31"}, {"hashes": ["3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "194[.]25[.]134[.]8/31"}, {"hashes": ["1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6"], "ip": "104[.]47[.]58[.]161"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "104[.]47[.]55[.]161"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4"], "ip": "104[.]47[.]59[.]161"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551"], "ip": "98[.]136[.]96[.]76/31"}, {"hashes": ["2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "108[.]177[.]97[.]26"}, {"hashes": ["17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56"], "ip": "163[.]172[.]32[.]74"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "104[.]47[.]18[.]161"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "51[.]81[.]57[.]58/31"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551"], "ip": "142[.]250[.]147[.]26"}, {"hashes": ["2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551"], "ip": "67[.]195[.]228[.]110/31"}, {"hashes": ["2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "67[.]195[.]204[.]72/30"}, {"hashes": ["fb54ad850f974dfe9062c59b48eddda53f3e6c431e9d6737dd90679efb4a2088"], "ip": "98[.]136[.]96[.]74/31"}], "mutex": [], "registry": [{"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5", "1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71", "25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1", "2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f", "3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2", "4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e", "561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c", "a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["a1537bbc0fa6c311cc4b7c6c091950a9d8f645ce4fa85c7cff109eba83f793a4", "c2cb4a0e5d4afee7de94869114d9dae658f494a3b65ddb5ca88effee97fb43f9"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\nguazhnc"}, {"hashes": ["561d67715daa821c53a02b429229c92f65193019368dc415473cdf56a8e9b6e1", "c23bc966d837e5115b52d816c0ceb45e5b067fffdcf7eb3e2a8ae50b5507aae6"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\kdrxwekz"}, {"hashes": ["3902ea8038ef0c7f2359d0d5a4b32311d7c15462fd92bfabdf117dc713536551", "6b45453fd503798b371539999e5dcf2848a9ef920b5ec5f7d43064303230332c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\piwcbjpe"}, {"hashes": ["ab94da640caf5cf54f4237f0b703a1d2cba9535c5552c741a0ea8aea807c7d56"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\unbhgouj"}, {"hashes": ["2c0de19809e1468f47dfa13c48dd399303718aaa9c729876c19f0b6e9a95775f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\ibpvucix"}, {"hashes": ["44a144f15f425f78e8a7ec02f7337f910dd037d4a5f93543670bdc7a38ae7db2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\exlrqyet"}, {"hashes": ["01bc730c983b156f663b443386aa1717ea5b75fee667353d6f8eb94b807a4fa5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\athnmuap"}, {"hashes": ["17c2717faf577d5bf0b8360b0e533a3110040540bccbd5f50d46273ccb37d0f2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\jcqwvdjy"}, {"hashes": ["25b5a8d1aacbc2d8a880c736fee04297eb304ef8f4f74a498cf986f4ccb15ff1"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\buionvbq"}, {"hashes": ["02cc79deb0d9147c6b045a8cd5870f4d6aa6e9a366590e37aecb284b158d2108"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\lesyxfla"}, {"hashes": ["1330567011cf9ad12bd452d2c531adaa05a741c33f2cc55208e59a3c73dc0d71"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\yrflksyn"}, {"hashes": ["6586f0eb287a42f86d73eadef30b1602bd42281e8a84f6c564333bf367a83f22"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\vocihpvk"}, {"hashes": ["4a4f9f05c67838ca6d55fb14b2313565216077b314f901622ef1ca8a3f7efb0e"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\qjxdckqf"}]}, "reports_count": 17}, "Win.Malware.TrickBot-9845695-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "unsigned-roaming-execution", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-hollowing-detected", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "malware-trickbot-mutex", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "task-ran-using-system-account", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-trojan-trickbot", "hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "TA0009", "T1053", "T1005"]}, {"bi": "network-fast-flux-domain", "hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "registry-modified-rootcerts", "hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "malware-compound-cta-activity", "hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "TrickBot is a banking trojan targeting sensitive information for certain financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.", "hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "iocs": {"domain": [{"hashes": ["2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "host": "myexternalip[.]com"}, {"hashes": ["1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3"], "host": "elb097307-934924932[.]us-east-1[.]elb[.]amazonaws[.]com"}, {"hashes": ["1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3"], "host": "api[.]ipify[.]org"}, {"hashes": ["3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96"], "host": "ipinfo[.]io"}, {"hashes": ["1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d"], "host": "wtfismyip[.]com"}, {"hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "host": "icanhazip[.]com"}, {"hashes": ["1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d"], "host": "ip[.]anysrc[.]net"}, {"hashes": ["28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61"], "host": "checkip[.]us-east-1[.]prod[.]check-ip[.]aws[.]a2z[.]com"}, {"hashes": ["28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61"], "host": "checkip[.]amazonaws[.]com"}, {"hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9"], "host": "ipecho[.]net"}], "file": [{"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "path": "%APPDATA%\\GoogleService\\client_id"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "path": "%APPDATA%\\GoogleService\\group_tag"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "path": "%System32%\\Tasks\\services update"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "path": "%APPDATA%\\GoogleService"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "path": "%APPDATA%\\GoogleService\\Modules"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "path": "%APPDATA%\\GOOGLESERVICE\\<original file name>.exe"}, {"hashes": ["3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d"], "path": "%SystemRoot%\\Tasks\\services update.job"}, {"hashes": ["3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d"], "path": "%APPDATA%\\GoogleService\\sunme.exe"}], "ip": [{"hashes": ["2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463"], "ip": "5[.]133[.]179[.]108"}, {"hashes": ["1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd"], "ip": "109[.]234[.]34[.]225"}, {"hashes": ["2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd"], "ip": "185[.]234[.]15[.]152"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "ip": "80[.]87[.]197[.]127"}, {"hashes": ["2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "ip": "216[.]239[.]32[.]21"}, {"hashes": ["1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463"], "ip": "193[.]233[.]62[.]44"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9"], "ip": "80[.]87[.]197[.]29"}, {"hashes": ["994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79"], "ip": "109[.]234[.]38[.]69"}, {"hashes": ["1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d"], "ip": "69[.]195[.]159[.]158"}, {"hashes": ["3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46"], "ip": "78[.]155[.]206[.]222"}, {"hashes": ["50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9"], "ip": "216[.]239[.]36[.]21"}, {"hashes": ["1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d"], "ip": "116[.]203[.]16[.]95"}, {"hashes": ["1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "ip": "194[.]87[.]144[.]12"}, {"hashes": ["1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79"], "ip": "78[.]155[.]207[.]95"}, {"hashes": ["7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46"], "ip": "216[.]239[.]34[.]21"}, {"hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3"], "ip": "216[.]239[.]38[.]21"}, {"hashes": ["1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d"], "ip": "78[.]155[.]199[.]119"}, {"hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "ip": "104[.]22[.]19[.]188"}, {"hashes": ["1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96"], "ip": "34[.]117[.]59[.]81"}, {"hashes": ["2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c"], "ip": "185[.]174[.]173[.]211"}, {"hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e"], "ip": "18[.]233[.]90[.]151"}, {"hashes": ["3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453"], "ip": "52[.]0[.]197[.]231"}, {"hashes": ["8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe"], "ip": "23[.]21[.]252[.]4"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581"], "ip": "52[.]20[.]197[.]7"}, {"hashes": ["1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1"], "ip": "52[.]204[.]109[.]97"}, {"hashes": ["f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79"], "ip": "54[.]243[.]164[.]148"}, {"hashes": ["658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61"], "ip": "34[.]192[.]7[.]28"}, {"hashes": ["3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453"], "ip": "185[.]158[.]114[.]92"}, {"hashes": ["28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c"], "ip": "34[.]193[.]115[.]2"}, {"hashes": ["466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669"], "ip": "23[.]21[.]140[.]41"}, {"hashes": ["8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe"], "ip": "50[.]19[.]96[.]218"}, {"hashes": ["9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46"], "ip": "172[.]67[.]9[.]138"}, {"hashes": ["4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d"], "ip": "54[.]225[.]129[.]141"}, {"hashes": ["994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3"], "ip": "50[.]19[.]242[.]215"}, {"hashes": ["2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17"], "ip": "54[.]225[.]155[.]255"}, {"hashes": ["3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120"], "ip": "18[.]204[.]189[.]102"}, {"hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e"], "ip": "37[.]60[.]177[.]120"}, {"hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d"], "ip": "212[.]38[.]166[.]126"}, {"hashes": ["ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96"], "ip": "46[.]173[.]214[.]225"}, {"hashes": ["994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3"], "ip": "54[.]225[.]157[.]230"}, {"hashes": ["1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1"], "ip": "107[.]22[.]233[.]72"}, {"hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d"], "ip": "78[.]155[.]218[.]105"}, {"hashes": ["3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453"], "ip": "82[.]146[.]53[.]253"}, {"hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e"], "ip": "80[.]87[.]196[.]6"}, {"hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d"], "ip": "195[.]133[.]145[.]173"}, {"hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e"], "ip": "212[.]38[.]166[.]224"}, {"hashes": ["85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d"], "ip": "94[.]103[.]80[.]33"}, {"hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e"], "ip": "185[.]228[.]232[.]225"}, {"hashes": ["4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e"], "ip": "185[.]224[.]215[.]94"}], "mutex": [{"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "name": "316D1C7871E00"}, {"hashes": ["3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d"], "name": "785161C887200"}, {"hashes": ["1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f"], "name": "F50778D6E35832960"}, {"hashes": ["2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de"], "name": "B8EAD5B856E00"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581"], "name": "711C3DE8F7A00"}, {"hashes": ["1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518"], "name": "CB2EA45891600"}, {"hashes": ["1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1"], "name": "4D5E12F84BE00"}, {"hashes": ["2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17"], "name": "7350627689D832960"}, {"hashes": ["28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c"], "name": "AD145406501832960"}, {"hashes": ["50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd"], "name": "1234F78ADE2832832"}, {"hashes": ["9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46"], "name": "1E755F207C800"}, {"hashes": ["ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96"], "name": "FB37C0A40290128"}, {"hashes": ["4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d"], "name": "5C6901940650128"}, {"hashes": ["7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d"], "name": "A08858A2628832832"}, {"hashes": ["658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61"], "name": "6FC297245C90128"}, {"hashes": ["994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3"], "name": "99E847C21F0832832"}, {"hashes": ["7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3"], "name": "1ECEC93624D832960"}, {"hashes": ["466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669"], "name": "A57A6C66B19832960"}, {"hashes": ["ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9"], "name": "0DF25D5A756832832"}, {"hashes": ["9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de"], "name": "C5C72C1AB06832832"}, {"hashes": ["9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d"], "name": "3BF967909E400"}, {"hashes": ["c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463"], "name": "75A02A2AA8A832832"}, {"hashes": ["8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe"], "name": "8500BFF6FFD832960"}, {"hashes": ["e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd"], "name": "B570E03A80E832832"}, {"hashes": ["f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79"], "name": "8888A6EA9BA832832"}, {"hashes": ["f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "name": "E98DB1C8C7200"}], "registry": [{"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER", "value_name": null}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS", "value_name": null}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": null}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\GoogleService\\"}, {"hashes": ["0a431cee114ef2f1f805c00261b1bff23aaf39a80f42ecdfcde1001acfa95581", "1d2e817ba7bdce32aa0e35d96e06747fc07674fcdd713782053b0d565a108ba1", "1e2f585e39a12ed54438a32616fbd89fbabd641272f9ae363e2786a4e2196c2f", "1eab8af346d74aa7050885c4f2a550140490e51ec65270f46df7b4e31ed76518", "2526749816b6832a4ce55f2a1a3ae283d8b11f96fe64eed75e7d04f46a63dd17", "28e14e1fc2315b99f94837b05a6a667d09cd5b233667816b655dae466ffc565c", "2e2ae4f73c2817bcec1b3f5671f1f403fad5109ca3202bcfea152665a3a8b5de", "3671072022208362d29582ab31b21bcc9972a82b6fee3e7a2322feaf46a1e120", "3e77d5838b700052a52026055ea50e6159e7867821ea66214238e10e2a2d5453", "4249ca992541801b3f6190210b85710380ce3ba7fc08082605c618a348a9339d", "466302e97762ba8ef4c7f5d29c5e6053477e2874fb0746b69045bea44a450669", "4b068e62f1dfdeacfe1906a205aa83c05982b0d52231f834da95d6bc17e61a8e", "50b4ac7bfec05cb4eb9b2aefdbbc5787176600baf13124bad795a1791e9d5fbd", "658b6cb0f9eca4f860564dbfd1543fe50f4e64f42e5343427fd87c0bcafb5f61", "7252a7a296652a83ecee9a84db2ae010978e9fbb85dd7a32611895205be64db3", "7272c0a27bbc3a4b6e66a259f4783aff668b27f47c9ca5ff0408e5d8a960982d", "85b66b7fa25bfc1278f9f09ed9be8fede81f6f7118cf400ab5aacc85cb5d9e4d", "8641148dc8b6350e9511a70a0b48ef7011cec13a0dbccf5e1e11d8adfe73dbfe", "994a464d76c2ccb4c53bc4e17316ded24f12f99fcc2d5a083c625279225a2fc3", "9d43f7cbd00106eb67d4b0afaa7d5aeaddff4d453d1d53d4e2bb370529a0ac46", "9f28c47a99c998d1356d26e1a56fdd16fd05ca945ca21881dc2bbc8d9ef7e5de", "9f48c80329b8f5da714681b029fed3f1392075b7b29e814188f51b3b9512592d", "ac2f9c84da5c87cce522edb5e12035aa0993687be931dd0afcba4ea85a602d96", "c45982c94f7385350d087a48609099c9edc7600aab87a5f1b1e9ed2e65f2f463", "ca3f6b91f5ecc73cc345c8b5aa721a2e7c8764bdb0d4e0e65049f1da070878e9", "e5cd9eb83f3a3ffe35c28efcb98ed20bdf308800bf559fca6af43d9f092d3edd", "f15307fc5af93f23c30f79c1132c55e984215418670a7679f4e6be9eb7f04e79", "f61b319384aede6830480b70cb378988f4e09e401656b7c325d96bdbdc1ce9ce"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\GoogleService\\"}]}, "reports_count": 28}, "Win.Malware.Ursu-9845004-0": {"bis": [{"bi": "artifact-flagged-sandbox", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "memory-execute-readwrite", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "http-response-redirect", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "artifact-vm-detect", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-certificate", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "file-ini-modified", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0003"]}, {"bi": "process-check-virtualbox", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-safeboot-key-added", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "html-small-file-redirect", "hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Ursu is a generic malware that has numerous functions. It contacts a C2 server and performs code injection in the address space of legitimate processes. It achieves persistence and collects confidential data after being spread via email.", "hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "iocs": {"domain": [], "file": [{"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%ProgramFiles%\\Microsoft Office\\outlook.doc"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%ProgramFiles%\\Microsoft Office\\outlook.docx"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%ProgramFiles%\\Microsoft Office\\outlook.ppt"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%ProgramFiles%\\Microsoft Office\\outlook.ppts"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%ProgramFiles%\\Microsoft Office\\outlook.pst"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%ProgramFiles%\\Microsoft Office\\outlook.xls"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%ProgramFiles%\\Microsoft Office\\outlook.xlsx"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%HOMEPATH%\\Documents\\outlook.doc"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%HOMEPATH%\\Documents\\outlook.docx"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%HOMEPATH%\\Documents\\outlook.ppt"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%HOMEPATH%\\Documents\\outlook.ppts"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%HOMEPATH%\\Documents\\outlook.pst"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%HOMEPATH%\\Documents\\outlook.xls"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%HOMEPATH%\\Documents\\outlook.xlsx"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "%HOMEPATH%\\Documents\\desktop.ini"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\Users\\root"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\Users\\root\\AppData"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\Users\\root\\AppData\\Roaming"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\Users\\root\\AppData\\Roaming\\Microsoft"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\Users\\root\\AppData\\Roaming\\Microsoft\\Windows"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\Users\\root\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\Users\\root\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\Users\\root\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\Users\\root\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\StartupFile.exe"}, {"hashes": ["73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\<random, matching '[0-9]{5,6}'>.exe"}, {"hashes": ["f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322"], "path": "\\6273.exe"}, {"hashes": ["f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322"], "path": "\\6314.exe"}, {"hashes": ["f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "path": "\\9925.exe"}], "ip": [{"hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "ip": "192[.]35[.]177[.]64"}, {"hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "ip": "93[.]93[.]131[.]124"}, {"hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "ip": "205[.]185[.]216[.]10"}, {"hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "ip": "14[.]0[.]63[.]141"}, {"hashes": ["e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3"], "ip": "15[.]11[.]35[.]18"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3"], "ip": "14[.]11[.]5[.]18"}, {"hashes": ["95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735"], "ip": "35[.]162[.]37[.]28"}, {"hashes": ["f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "ip": "44[.]230[.]33[.]128"}, {"hashes": ["e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8"], "ip": "14[.]0[.]32[.]88"}], "mutex": [{"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "name": "MUTEX_SINGLE_INSTANCE"}], "registry": [{"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "RunKey"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SAFEBOOT\\MINIMAL\\PEVSYSTEMSTART", "value_name": null}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "StringName"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "ValueName"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SAFEBOOT\\MINIMAL\\PEVSYSTEMSTART", "value_name": "StringName"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SAFEBOOT\\MINIMAL\\PEVSYSTEMSTART", "value_name": "ValueName"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "DeleteFlag"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "DeleteFlag"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "Start"}, {"hashes": ["20c67f1a33c600120dc44511c619d913ac39d789309dce93270e26dbcb7bcfe9", "30f12307fff7991f5565587758a3cddf0530db6808434c5b8646fd47b3d695af", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "39690ae80613aee7e364ecdd2270038726df7c23c5b274aea350d6b05fadbc3a", "695b4a38fde51379f6342135f70e3856fee1dd843eaecfc81dbd52f241220710", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aa37ac0a3f87ef867f01848599c166f2aab31ad4bb87e6c2d31d696190c4142a", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "e623bf7556f90b3e153c7e9249cfacf616489f03f4c15e693f977cf3669a9d69", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "DeleteFlag"}, {"hashes": ["6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\SHELLCOMPATIBILITY\\APPLICATIONS", "value_name": "VMware"}, {"hashes": ["6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\SHELLCOMPATIBILITY\\APPLICATIONS", "value_name": "VBox"}, {"hashes": ["6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\SHELLCOMPATIBILITY\\APPLICATIONS", "value_name": "Virtual Box"}, {"hashes": ["6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\SHELLCOMPATIBILITY\\APPLICATIONS", "value_name": "VirtualBox"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Norton"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Kaspersky"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "6b32551e019a649dce9c7cf05080dcb73cd3f190b2267f4104587b2e2af1d5bb", "73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "PCCClient"}, {"hashes": ["11c8eebf53b4d766db14e28298a4ef0afcedfde1be7b35b7fa78442122e548f3", "36dc87b9dcbba2c90d65fe4c87f262ed0a7519c435ff1a713ec8479f91a4080b", "48b1df24e1a7e7fe8e14580b166395a92b73cf157797de16665d5b0bf7d7adc6", "7a4b981c720d4ac454742bc77c84848525e8b876a4d4a1b09673e3c6d5781df7", "aafde5c81c6b40b1070afa4b6815a9ab7c0eb98598ae41b789139f7c7bf6c2b7", "b4d0b5e744efc51d9fbfa026b0b07f8df2c0de40723fa4c03dd050e62a7c5096", "e0c0a74e16d2c64d01e424cf7fccc378a5581c40318aeb692ea4d282f385f8e8"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "HideFileExt"}, {"hashes": ["73de874ed890efccff124baa3b432c11ed7e98f22595387f34c1e685c8bb00cf", "95a0e72f7e669a2344b646e56c9f6e4f46cae2f733a6f3f14c21dbc6823cd735", "f06b75274f2f0a10becf489b2e59a45a59a370cec1d8d200f1e6c1c4177a5322", "f5ecd02716b4461ccebc9eb8a647a62467ab8b9a8bd0792f1fe053592dbc1f2f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\F9B5B632455F9CBEEC575F80DCE96E2CC7B278B7", "value_name": "Blob"}]}, "reports_count": 18}, "Win.Malware.Zusy-9846696-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214"], "mitre_attack_tags": ["TA0005", "T1562"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe\". When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04"], "iocs": {"domain": [], "file": [{"hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04"], "path": "%LOCALAPPDATA%\\YuhaVgukg\\Sukac.dll"}, {"hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04"], "path": "%LOCALAPPDATA%\\YuhaVgukg\\WenUntu"}, {"hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04"], "path": "%LOCALAPPDATA%\\YuhaVgukg\\GakuYvak"}, {"hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949"], "path": "%LOCALAPPDATA%\\YuhaVgukg"}], "ip": [], "mutex": [{"hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04"], "name": "{BBF16896-170A-4804-BA18-7822FFF7D070}"}], "registry": [{"hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "4294833078"}, {"hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04"], "key": "<HKCU>\\SOFTWARE\\{47C5851A-4B01-4228-9EE3-D8E6DE7F68D4}", "value_name": null}, {"hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04"], "key": "<HKCU>\\SOFTWARE\\{47C5851A-4B01-4228-9EE3-D8E6DE7F68D4}\\1989", "value_name": null}, {"hashes": ["1fa46ce9b29bcf3b97d06b18cd1a417b2be686a92fa39d67be6274ec597e6f65", "314eb31d3f5442559f72a17bb094bf877085e4ab0f3f75135368efb8a4b7c1b5", "60af7e551f8007251606ad44e803d0c816d8452d6ab4158d9717fa16728cb733", "656ab1d56affc39a84ac9f7fbd65b8cefa1ef53364ebd412e66421968b110e20", "703dc3d15b6b04ab52820a352a2d6c4f6fe4217672b645a478169c6fae1b7649", "70437e4a1f11ee31f7ede7630a6a806a5eb8025a5028f4d850d4adf071315887", "75fab8efd859916d755bf7f81e54d6ca4fb989c3f37e29d6319c46897225e69e", "77c5a5fb8925f2931c9671bb570ee565806c9888bd7d3fa9412fa4a7e94dcec3", "8aacdc96b70e5c1ae05cd907aafa42fce1603575a47680c3f181136fffc75d34", "9b6b4442bd37488e570de2ecb1e48bc4f537dcf86b756dd012d0d09b3a11efa6", "9f75d23933c9fd659f73770f89ba52880986f3dc3f50d0e50f621600cd69385a", "a4a67bfecb7ae1f83223975395f2bec790e9587889185a704f20707b6db7e040", "aaf7886e6c9c2c4bff01a57a226a92dd02e6e3f4c8844cac3641c3e6f0b1615d", "e72212a16ae91ecac558aa9422307887c8c1a10544d603b0b795e336def9d214", "ecd3329c3fb8e735e78a75e810d29d476f7965c37206406d2a3d43f3776a0949", "f5e5fc53a2eaf6557d760f0f8e598305059ace1b32517634fed3c92746812a04"], "key": "<HKCU>\\SOFTWARE\\{47C5851A-4B01-4228-9EE3-D8E6DE7F68D4}\\1989", "value_name": "oieo"}]}, "reports_count": 16}, "Win.Packed.Dridex-9846082-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "network-dns-safe-categories", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": []}, {"bi": "windows-util-nslookup", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": ["TA0007", "T1046"]}, {"bi": "process-injection-using-atom", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-util-whoami", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "malware-dridex-loader-detected", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "d6219899aef1cb6f1e77c86360d7ac78f5bd819f57896b9f3202bb6141b3e068", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c", "e34ee24c731649b85f68c42a617bb9232404783339dcd68352b499286b8a6848", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c", "f45474d1276095c8e0916f1d6d2dc0969061a0e7ee7723b3071c2a89fea2f4a3"], "iocs": {"domain": [{"hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "host": "1[.]1[.]168[.]192[.]in-addr[.]arpa"}, {"hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "host": "localhost"}], "file": [{"hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0"], "path": "%TEMP%\\WC33D.tmp"}, {"hashes": ["07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0"], "path": "%TEMP%\\wCABF.tmp"}, {"hashes": ["5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb"], "path": "%TEMP%\\5oEC311.tmp"}, {"hashes": ["af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a"], "path": "%TEMP%\\2C5FB.tmp"}, {"hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65"], "path": "%TEMP%\\oCDEB.tmp"}, {"hashes": ["af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a"], "path": "%TEMP%\\8CB0C.tmp"}, {"hashes": ["29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd"], "path": "%TEMP%\\0CD1A2.tmp"}, {"hashes": ["29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd"], "path": "%TEMP%\\NC5DB.tmp"}, {"hashes": ["af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a"], "path": "%TEMP%\\CCF90.tmp"}, {"hashes": ["5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb"], "path": "%TEMP%\\kC6D9.tmp"}, {"hashes": ["308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f"], "path": "%TEMP%\\oC446.tmp"}, {"hashes": ["af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33"], "path": "%TEMP%\\ECA3F.tmp"}, {"hashes": ["5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0"], "path": "%TEMP%\\6D29B.tmp"}, {"hashes": ["85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086"], "path": "%TEMP%\\DC9C2.tmp"}, {"hashes": ["b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442"], "path": "%TEMP%\\6DWC88A.tmp"}, {"hashes": ["85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086"], "path": "%TEMP%\\Hy6D0B7.tmp"}, {"hashes": ["5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0"], "path": "%TEMP%\\9Q8CCAF.tmp"}, {"hashes": ["b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442"], "path": "%TEMP%\\OD1B2.tmp"}, {"hashes": ["b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442"], "path": "%TEMP%\\WCDCA.tmp"}, {"hashes": ["5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0"], "path": "%TEMP%\\R9D6FF.tmp"}, {"hashes": ["ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2"], "path": "%TEMP%\\B1C07F.tmp"}, {"hashes": ["3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19"], "path": "%TEMP%\\DC40A.tmp"}, {"hashes": ["8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912"], "path": "%TEMP%\\ZC224.tmp"}, {"hashes": ["a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737"], "path": "%TEMP%\\5KWC84B.tmp"}, {"hashes": ["a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737"], "path": "%TEMP%\\DM9CFCE.tmp"}, {"hashes": ["446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710"], "path": "%TEMP%\\2CD0F.tmp"}, {"hashes": ["a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737"], "path": "%TEMP%\\p6CCC1.tmp"}, {"hashes": ["446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710"], "path": "%TEMP%\\ZC8E7.tmp"}, {"hashes": ["a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3"], "path": "%TEMP%\\40CA51.tmp"}, {"hashes": ["a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3"], "path": "%TEMP%\\Q4CE58.tmp"}, {"hashes": ["a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3"], "path": "%TEMP%\\e7C4B3.tmp"}, {"hashes": ["a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd"], "path": "%TEMP%\\1gD856.tmp"}, {"hashes": ["7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d"], "path": "%TEMP%\\13D421.tmp"}, {"hashes": ["7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d"], "path": "%TEMP%\\2rD895.tmp"}, {"hashes": ["7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d"], "path": "%TEMP%\\R8GCD99.tmp"}, {"hashes": ["7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db"], "path": "%TEMP%\\FD49B.tmp"}, {"hashes": ["7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db"], "path": "%TEMP%\\a41DAC5.tmp"}, {"hashes": ["043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc"], "path": "%TEMP%\\WCE96.tmp"}, {"hashes": ["cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776"], "path": "%TEMP%\\2D329.tmp"}, {"hashes": ["dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "path": "%TEMP%\\2CD377.tmp"}, {"hashes": ["dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "path": "%TEMP%\\MD7FC.tmp"}, {"hashes": ["cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776"], "path": "%TEMP%\\UDC70.tmp"}, {"hashes": ["cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea"], "path": "%TEMP%\\aC87F.tmp"}, {"hashes": ["cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea"], "path": "%TEMP%\\bD1D5.tmp"}, {"hashes": ["cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea"], "path": "%TEMP%\\iCE1D.tmp"}, {"hashes": ["caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a"], "path": "%TEMP%\\Zw9D6F4.tmp"}, {"hashes": ["caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a"], "path": "%TEMP%\\z8ID251.tmp"}, {"hashes": ["eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "path": "%TEMP%\\2CCE39.tmp"}, {"hashes": ["eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "path": "%TEMP%\\q9aD2BE.tmp"}], "ip": [{"hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "ip": "64[.]87[.]26[.]16"}], "mutex": [{"hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "name": "{24d07012-9955-711c-e323-1079ebcbe1f4}"}, {"hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "name": "{655c7ed4-095a-878f-8a02-ccacb7724214}"}, {"hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "name": "{b6cf1860-bcd5-9a08-6f96-ff055b773bc6}"}, {"hashes": ["02616ff4abd1f0e2344de17212bfdb187601330e02dc5cb0a9390ee636365b65", "043c3ac07aed1995f1ff8bca35e470893ad9b04c1d2cb5cab908a197e282b6dc", "07f42e9fbd8d371cd8c876635578b4ca2d998c43653faff79b5196835118f3e0", "14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "42cb05cdb7e2c931d7d86a55837ee6ca3eca52a99bf0c6b322605fbddbacdd12", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "5d9669ab405280ce153ad46fe14ee96825607a84718561eeb5869dad0ec7b6cb", "7452e7d560a570f841a2b064dcac9a1e2dda86497a7927c3746a3308daf596db", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "958e05988c19bba356b39e440850d1989d000bb07ba75524c314d3c6e3ca83f9", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "a5b666e0cce3020b15fd9d77db2ed0c955cccfade4df315d4ee0d357873350dd", "a6a6e37f27efdbf46b542261c66343ae86b560caf0d9cd55333f0ff276ffd9c3", "aaa425c7836465068597d9124769da735f0505b4d394d219970dd3d8366a066a", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a", "af8588b958f39fb1bec1a1cb80960e31fcdc6915cf573541c2a7106b9298be33", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "ba0d4092f198ef4a8fb17617550e7ed6c875c81aaed9e8194b2d1db557632bf2", "caee503e803c565fe0525f0b88c79bccde6520cb4ee2f4cfb1ba6b58f426762a", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c", "eaea48b0b40baf3cb2e5aa27391faa6bbaffce7b05a3cfa80d43a527b358400c"], "name": "{<random GUID>}"}, {"hashes": ["29cffc1cf83b0202634a97c088534f93d641c033a23651aee3e0d0341e499dfd", "308f9e5583646a897d372a146c45ea358c29f9e4857c688f23da9ec66ec1f68f", "85629695382446ef6ec2b7874207429b737680149de0dfffcfc15242614f6086", "8d5bb3108d9fec1da62eb55f6f5be21d7958b03a44afc31c1c55275c42216912", "b0de96ea181d9c49d72660b7d6b824c1f28ca3cddeb6b525fd281ecfd3950442", "cf2c7e54001a98a71e0b478ab423bcb8dbe3b6eec685ec231af17f34d185a8ea"], "name": "{fbfe4188-b02d-68e8-0b12-8b7ec736b337}"}, {"hashes": ["14650abd1bc508c04a1e336bb90fe3c79561c72babcc700da5f256f18f6a6823", "18b655de153caf6def91628b68606333c91efad5f5827b3ec32bfceff662a36e", "7acf142aa1f91433902c6e14310d59fa67d3b1db657afac1f9a62af98c5b1b7d", "cc27e36940584e63510a03083434448f33bed6cc8c94b67310f1b980a6b6a776", "dceb4870ebc9831e07fb662d9567a5ab3f7e3c1d0790b53cfe435ac37a44442c"], "name": "{2960081c-881c-9415-8e26-6a61cfdeeca4}"}, {"hashes": ["3ef957f17fad746719bf49a9242d25832b5a6fcd05267d800c3d1cc7d238fb19", "446f406d50ae3ec101f6a3b6fd942a11428dfb5456204bc96753effdb245d710", "5854538f45fb07597f4a98f0b4b78f4a994b3caec3d087e505f32132a9acc6f0", "a2c64580e6e0d82a2249ad09667d09ca31edebe6b8f228377f7f6bb48b728737", "af38cd40b8caf9ca19f0174baab3f10bd20c6531b68e03c03909213d4dbc532a"], "name": "{2faed926-f00a-73d2-1a17-267c47f6a1cb}"}], "registry": []}, "reports_count": 30}, "Win.Virus.Xpiro-9845473-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "file-ini-read", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552"]}, {"bi": "pe-uses-dot-net", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "process-with-multiple-children", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0003"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-service-type-modified", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "pe-packed-vmprotect", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-xpiro-mutex", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-trojan-xpiro-compound", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512"], "mitre_attack_tags": []}, {"bi": "pe-imports-virtual-disk-api-dll", "hashes": ["dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-imports-empty", "hashes": ["9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d"], "mitre_attack_tags": []}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "iocs": {"domain": [], "file": [{"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\setup.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%CommonProgramFiles%\\Microsoft Shared\\OFFICE14\\MSOXMLED.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%CommonProgramFiles%\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\ConvertInkStore.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\InputPersonalization.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\ShapeCollector.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\TabTip.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%CommonProgramFiles%\\Microsoft Shared\\ink\\mip.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\DVD Maker\\DVDMaker.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Internet Explorer\\ieinstal.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Internet Explorer\\ielowutil.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Internet Explorer\\iexplore.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\java.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\javaw.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\javaws.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Java\\jre6\\bin\\unpack200.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\jabswitch.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\java.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\Java\\jre7\\bin\\javacpl.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions.sqlite-journal"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\chrome.manifest"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\chrome\\content.jar"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\components\\red.js"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\install.rdf"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%CommonProgramFiles(x86)%\\microsoft shared\\source engine\\ose.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles(x86)%\\microsoft office\\office14\\groove.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles(x86)%\\mozilla maintenance service\\maintenanceservice.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%CommonProgramFiles%\\microsoft shared\\officesoftwareprotectionplatform\\osppsvc.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%SystemRoot%\\ehome\\ehsched.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v2.0.50727\\mscorsvw.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v4.0.30319\\mscorsvw.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%SystemRoot%\\microsoft.net\\framework\\v2.0.50727\\mscorsvw.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%SystemRoot%\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\alg.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\dllhost.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\fxssvc.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\ieetwcollector.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\msdtc.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\msiexec.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\snmptrap.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\sppsvc.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\ui0detect.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\vds.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\vssvc.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\wbem\\wmiApsrv.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%System32%\\wbengine.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\7-Zip\\7z.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\7-Zip\\7zFM.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\7-Zip\\7zG.vir"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "path": "%ProgramFiles%\\7-Zip\\Uninstall.vir"}], "ip": [], "mutex": [{"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx1"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx66"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx67"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx68"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx69"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx70"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx71"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx72"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx73"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx74"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx75"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx76"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx77"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx78"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx79"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx80"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx81"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx82"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx83"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx84"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx85"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx86"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx87"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx88"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx89"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx90"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx91"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx92"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx93"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx94"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx95"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx96"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx97"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx98"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx99"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "gazavat-svc"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx31"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx32"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx33"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx34"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx35"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx36"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx37"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx38"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx39"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx30"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx28"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "kkq-vx_mtx29"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "gazavat-svc_28"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "name": "Global\\OfficeSourceEngineMutex"}], "registry": [{"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IEETWCOLLECTORSERVICE", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IEETWCOLLECTORSERVICE", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\UI0DETECT", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\UI0DETECT", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VDS", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VDS", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WBENGINE", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WBENGINE", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIAPSRV", "value_name": "Type"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIAPSRV", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": null}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "EnableNotifications"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Difficulty"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Height"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Width"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Mines"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Mark"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "AlreadyPlayed"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Color"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Sound"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Xpos"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Ypos"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Time1"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Time2"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Time3"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Name1"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Name2"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": "Name3"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Start"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\STATE", "value_name": "AccumulatedWaitIdleTime"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\LISTENEDSTATE", "value_name": "RootstoreDirty"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\STATE", "value_name": "AccumulatedWaitIdleTime"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\LISTENEDSTATE", "value_name": "RootstoreDirty"}, {"hashes": ["30dd9806d7fe6f3fecf98796862b12d600ecf9bf37164ad0f3562e2b92241711", "4fa102772fe3e3d8a2cef5817e51832f09b38b4728167c6a1174df9daa1b73ed", "5195a09384e48b1e0a99ffe138a813af64497b21eabadf5bda3ec303d5cd0512", "58ded283f8e88aa3b7c961a6d8c649a2a820db777683c38bd605754bff2a1b46", "7228b71bb5292e8d9d7d8ce43641fe5dbf187343a6aa21e51a160932c7200bf4", "7342e2e6fbbc5dfb3480341d18a6db87209bc2827210a83d439a9875a8c6c922", "85e5d25c134536a992ec0548d18dcf91ac55ce771ddc8a51dfad1d5f71feac65", "8788781d868e0c411ab75c53ca2f2684adb966e0621453cec303fcd19a17ae09", "95e2661e4a6add09c7a5d50db0c4f3ee24b91559b41fbb6829dde00393ae0dbb", "9f8d7eca78e4172e603ab0beb8e5c2b38d9753c43d74c5a6ed653de63099195d", "c1bbdd977499c88ac725bb9583871553d3f35e74ac53bb28b3dc654991417340", "dab2cf3ce1f6e8296dadb5c2b408d8fad7af1b10cf4fafcda6f5e10b76635bb3", "ed17811edaaf8818bc5e9ed634eb41422cc3b3ef3a8688a194f5fb449a036bd4", "ed58cd5205debf5c6d3409bb961af4f88ef5bd7b8f6cd422ee789f2e5f352a4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINMINE", "value_name": null}]}, "reports_count": 14}, "Win.Worm.Ruskill-9845542-1": {"bis": [{"bi": "cta-static-analyzer-malicious", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "9110658caa6bb771c0f983f9351adb1258c6e1c976401c40acb674427dfe4179", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "9110658caa6bb771c0f983f9351adb1258c6e1c976401c40acb674427dfe4179", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-key-modified", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask-generic", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "excessive-sample-duplication", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "network-dns-category-cnc", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-benign-process", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-on-usb", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "possible-dga-communication", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-requested-file-external-drive", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "lnk-no-creation-date", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0002", "T1203"]}, {"bi": "malware-ruskill-mutex-detected", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "artifact-lnk-calls-cmd-exit", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-multiple-extensions", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "9110658caa6bb771c0f983f9351adb1258c6e1c976401c40acb674427dfe4179", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-hollowing-detected", "hashes": ["770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}], "category": "Worm", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Ruskill, also known as Dorkbot, is a botnet client that steals credentials and facilitates distributed denial-of-service (DDoS) attacks. It spreads via removable media and instant messaging applications.", "hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "9110658caa6bb771c0f983f9351adb1258c6e1c976401c40acb674427dfe4179", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154", "929664954de495382197d1e9886894f4022d1a86dec6a27560c451341121f5a7", "96f31fa532114750818c42c033fcf04680aa94b9783bb71c940aa2a4129275f3", "bbcf664ef0d4124c6280844acf0347091219dee833ce279473de3657cf2e9171", "bf679bdb9ab9984d88db91e23424da59573548ecb026b85ba667bb5cf8b4d190", "c52a6d7667920b04321880317f36e02b54c2f399d4283d63edaf4d78219f80da", "c5af8bc08f401609d5cdc0d95a9af4251146786e62f13814ffe8f543936742eb", "c976c155287022f9e32bf2e4ee4923aedd2e0e8fe86456db0540f520dc090db5", "f0f08f033c5275b3ed484f375b5e86a4855f40668220d6a240aca584713bd247", "f59a2d739526972bbaf347dac5c7e25f8bc301eac5e778de58ef5164a73ebcfd", "f8999a236ee98036583a7549e2aed1e758d77bcd8b7cee89f410d65914edf512"], "iocs": {"domain": [{"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "api[.]wipmania[.]com"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]ezjhyxxbf[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]hmiblgoja[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]jntbxduhz[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]jupoofsnc[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]lotys[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]oceardpku[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]vbemnggcj[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]yqqufklho[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]yxntnyrap[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]zhgcuntif[.]ru"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "host": "n[.]aoyylwyxd[.]ru"}, {"hashes": ["0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b"], "host": "n[.]kvupdstwh[.]ru"}], "file": [{"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "\\$RECYCLE.BIN.lnk"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "\\System_Volume_Information.lnk"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "\\jsdrpAj.exe"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "E:\\$RECYCLE.BIN.lnk"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%APPDATA%\\Microsoft\\Windows\\themes\\Eoawaa.exe"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "E:\\System_Volume_Information.lnk"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "E:\\c731200"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "E:\\jsdrpAj.exe"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%APPDATA%\\Update"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%APPDATA%\\Update\\Explorer.exe"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%APPDATA%\\Update\\Update.exe"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%APPDATA%\\WindowsUpdate"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%APPDATA%\\WindowsUpdate\\Updater.exe"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%APPDATA%\\c731200"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%TEMP%\\c731200"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%System32%\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%System32%\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%System32%\\sru\\SRU.chk"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%System32%\\sru\\SRU.log"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%System32%\\sru\\SRUDB.dat"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%System32%\\sru\\SRUtmp.log"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%System32%\\SRU\\SRU.log (copy)"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%System32%\\SRU\\SRU000A8.log (copy)"}, {"hashes": ["4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6"], "path": "%System32%\\WDI\\BootPerformanceDiagnostics_SystemData.bin"}, {"hashes": ["20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Uxoioc.exe"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Jwewef.exe"}, {"hashes": ["1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Rtacat.exe"}, {"hashes": ["33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Zhwlwk.exe"}, {"hashes": ["66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Pwdxdm.exe"}, {"hashes": ["66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Bmeteu.exe"}, {"hashes": ["0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Xsfkfh.exe"}, {"hashes": ["2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Pvdrdg.exe"}, {"hashes": ["1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Ffvbvg.exe"}, {"hashes": ["687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Glxvxb.exe"}, {"hashes": ["421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Ahemem.exe"}, {"hashes": ["136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Xfmamx.exe"}, {"hashes": ["8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Rvnbns.exe"}, {"hashes": ["43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Nspmpz.exe"}, {"hashes": ["1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Majmjy.exe"}, {"hashes": ["43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Gdkcki.exe"}, {"hashes": ["6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Nryrye.exe"}, {"hashes": ["770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Ncojow.exe"}, {"hashes": ["86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Txngnz.exe"}, {"hashes": ["86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6"], "path": "%System32%\\WDI\\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\\{2c1f1c2e-0b0b-4eef-b952-ab96a1c2f942}\\snapshot.etl"}, {"hashes": ["8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Wudddz.exe"}, {"hashes": ["925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Pulold.exe"}, {"hashes": ["4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Wmteta.exe"}, {"hashes": ["8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Ydatar.exe"}], "ip": [{"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "ip": "212[.]83[.]168[.]196"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "ip": "204[.]95[.]99[.]243"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "ip": "162[.]217[.]99[.]134"}, {"hashes": ["20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53"], "ip": "195[.]22[.]28[.]196"}], "mutex": [{"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "name": "c731200"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "name": "-9caf4c3fMutex"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "name": "FvLQ49I\u007f\u203a\u00ac{Ljj6m"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "name": "SSLOADasdasc000900"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "name": "SVCHOST_MUTEX_OBJECT_RELEASED_c0009X00GOAL"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "name": "FvLQ49I   {Ljj6m"}], "registry": [{"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Eoawaa"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update Installer"}, {"hashes": ["02c1fe4bff0b944b8a24c35c165601bc7093a2897502ed76339bf223a2e22f82", "05a271b6a5a32cf561640fa6228ecb78ce9ff13611d6c618efb48721cb618961", "0a8e589f74b44031e8d0b94f8033cd942037eb26db6975ebd3fc789100391467", "1025cd12d003a503435a11e1895155e3dac8102b8925af75a116e229dbc8872f", "136808800e80d3a17169a14cb6d4037795ae1ac603e9e94f3176e395456d414d", "1ccd0791516841b7ba7d1a96a9eb64769f0a1c6e80b7c1795d3539b7e147f9c9", "1fbcb9a9b3809d4a2912e33e6d81da4cfaa39b0e98798524038c4efc1f7029bc", "20778098c7dc13af998594df8a92dc8ecf7d285549de0a57c8de62b3c027aa53", "2951c2b198fc106c8b69701b7fc8fa455614c20fbb1da0e52ff61fd987a1df37", "33a91fae1833f6b8af5d267435bc603ef6e764de4de71bae4d8b96022dced505", "421ab44e6b82e1a7738c4d5c8061f4e77162c0b82e0f54e3420191bb3289a4e8", "43c92c29429065668f1dcc5b0a76a0dba668c9e1565e3e19671fae3fc65799f6", "43f9d6d4c3ab089052a39c9f26360c533390f1de5e297cac1d22db4ddbe885f9", "4d0461dc7dcbc4ef89e7fa7f391b40309ca0544112511fe9acb19d57b3d262e3", "66c875f739c0a053e199fe7087630ab566686eef2ecf18ab807f577bb61b3c43", "66f684e5e2db840156a6c2d48b927bff9affb2da3b470e2755486ad44f1ea589", "687e9c7b5e3641dea44df6592a5601dab1aa659facba415fbebaae83db37b50b", "6c812c6bd7e2f641c3b1e309510841759690c66df67c118693c239752b03f6b4", "770788592bd5c473ac428057c58a26b31a522aed62fd4862c863c31b6ee8a347", "86891b7bec3a856e22137362efcaf955452686a950b545943a082683aec32db6", "8974024a1a3062076484ad6c6091b193940d1009d1534ff468d285ed1d647744", "8e5297c9450cb307302dd88be7c1846ff34ba1ce2f94f20b0edc949e2cbd86ec", "8e8b95696a72f4048474132a4fbbd9caa6c2e3a39501f523e48ebe65bc542f37", "925e60ead73bbd8000e8bf8858bdd23e6d800a292127f7a48d85cb72e2ebf154"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "BCSSync"}]}, "reports_count": 25}, "exprev": [{"count": 9938, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 2964, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 2019, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 1243, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 703, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 620, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 548, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 276, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 246, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 234, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 146, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 54, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 54, "description": "Houdini/HWORM detected. This worm uses an obfuscated VBScript to drop additional malware such as njRAT.", "name": "Houdini/HWORM detected"}, {"count": 31, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 18, "description": "A site commonly used by fileless malware to download additional data has been detected. Several different families of malware have been observed using these sites to download additional stages to inject into other processes.", "name": "Possible fileless malware download"}, {"count": 15, "description": "Smoke Loader has been detected. Smokeloader is used mainly to execute other malicious software, like ransomware or cryptocurrency miners. Its initial infection vector is usually an email with a malicious Microsoft Word document or delivered through an exploit kit. Smokeloader uses various plugins designed to steal data from its victims, particularly credentials stored on the system or transfered over HTTP, HTTPS, FTP, SMTP, POP3 or IMAP.", "name": "Smoke Loader detected"}, {"count": 5, "description": "DivX is a package of video codecs for playing video in a web browser or other video players. Most DivX installers (including signed installers downloaded from the DivX website) contain adware that is difficult or impossible to avoid installing along with DivX.", "name": "Divx adware detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2021-03-26T14:46:59+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Malware.Ursu-9845004-0", "Win.Malware.Zusy-9846696-0", "Win.Malware.TrickBot-9845695-1", "Win.Downloader.Banload-9846782-0", "Win.Malware.Tofsee-9845289-1", "Win.Malware.Kovter-9845338-0", "Win.Virus.Xpiro-9845473-1", "Win.Worm.Ruskill-9845542-1", "Win.Packed.Dridex-9846082-1"]}