{"Win.Dropper.Gh0stRAT-9980455-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "feed-domain-rat", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": []}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": ["TA0011"]}, {"bi": "modified-file-in-program-dir", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "new-service-launched", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "malware-gh0st-rat-autorun-registry-detected", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": []}, {"bi": "audio-video-mutex-detected", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": ["TA0007", "TA0009", "T1120", "T1025"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-modified", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "deleted-submitted-file", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-tcp-connections", "hashes": ["62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "file-pending-delete", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-header-numofsymbols", "hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-bat-file", "hashes": ["96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-encrypted-section", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": []}, {"bi": "malware-ramnit-mutex", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": []}, {"bi": "malware-ramnit", "hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "iocs": {"domain": [{"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "host": "guduo[.]xyz"}, {"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27"], "host": "lqwljs[.]cn"}, {"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "host": "www[.]bing[.]com"}, {"hashes": ["ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "host": "ikun100[.]e2[.]luyouxia[.]net"}, {"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "host": "sjlwql[.]top"}, {"hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093"], "host": "zxjice[.]e2[.]luyouxia[.]net"}, {"hashes": ["973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "host": "wbswchrjx[.]e2[.]luyouxia[.]net"}, {"hashes": ["a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b"], "host": "ovo520[.]e2[.]luyouxia[.]net"}, {"hashes": ["39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9"], "host": "chx031x[.]e2[.]luyouxia[.]net"}], "file": [{"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "path": "%ProgramFiles(x86)%\\Microsoft"}, {"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "path": "%ProgramFiles(x86)%\\Microsoft\\DesktopLayer.exe"}, {"hashes": ["f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "path": "%ProgramFiles(x86)%\\Cayeqau.exe"}, {"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "path": "%ProgramFiles(x86)%\\Microsoft\\px7B89.tmp"}, {"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "path": "\\TEMP\\62c619724cfde20c7571df62d38331b6Srv.exe"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877"], "path": "%ProgramFiles(x86)%\\Thrnvvd.exe"}, {"hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9"], "path": "%ProgramFiles(x86)%\\Ygkuwmk.exe"}, {"hashes": ["23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d"], "path": "%ProgramFiles(x86)%\\Gkykrps.exe"}, {"hashes": ["a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b"], "path": "%ProgramFiles(x86)%\\Bwfjsue.exe"}, {"hashes": ["96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c"], "path": "%ProgramFiles(x86)%\\Microsoft Fazazl"}, {"hashes": ["96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c"], "path": "%ProgramFiles(x86)%\\Microsoft Fazazl\\Vhipcno.bat"}, {"hashes": ["ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "path": "%ProgramFiles(x86)%\\Mgucqww.exe"}], "ip": [{"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "ip": "47[.]52[.]162[.]13"}, {"hashes": ["23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6", "6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27"], "ip": "124[.]70[.]9[.]149"}, {"hashes": ["39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093"], "ip": "123[.]99[.]198[.]201"}, {"hashes": ["973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "ip": "43[.]248[.]129[.]49"}, {"hashes": ["a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b"], "ip": "154[.]19[.]202[.]186"}, {"hashes": ["be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a"], "ip": "120[.]26[.]55[.]179"}, {"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "ip": "171[.]214[.]11[.]140"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877"], "ip": "180[.]76[.]120[.]191"}, {"hashes": ["be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a"], "ip": "111[.]67[.]207[.]155"}], "mutex": [{"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "name": "KyUffThOkYwRRtgPP"}, {"hashes": ["f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "name": "127.0.0.1:8888:Rscdxm riifdjka"}, {"hashes": ["45789525d5ccc00b4a5148aed0d15e980059525a4ce1ffd1b52f18e9f0606c27"], "name": "171.214.11.140:6666:Rsmwis uuasausu"}, {"hashes": ["78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9"], "name": "127.0.0.1:8888:Rsrajf bxvuoiyo"}, {"hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093"], "name": "zxjice.e2.luyouxia.net:26000:Rsksig wcugiqya"}, {"hashes": ["6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27"], "name": "127.0.0.1:2022:Rsrcpv rfbcwoyq"}, {"hashes": ["62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6"], "name": "192.168.1.159:2022:Rsdetk yarseriw"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877"], "name": "180.76.120.191:8888:Rsgaqa miwweaek"}, {"hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9"], "name": "lcaus786.e2.luyouxia.net:22785:21086:Rstezx rzpqcquk"}, {"hashes": ["be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a"], "name": "111.67.207.155:2024:Rsieyo ysssmucy"}, {"hashes": ["23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d"], "name": "192.168.1.45:80:Rswoae mymisigc"}, {"hashes": ["973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "name": "wbswchrjx.e2.luyouxia.net:28720:Rsdivy soncwnqq"}, {"hashes": ["a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b"], "name": "ovo520.e2.luyouxia.net:20012:Rsqeiw yqkquikq"}, {"hashes": ["39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9"], "name": "chx031x.e2.luyouxia.net:6471:Rsflnl ppdpdwhy"}, {"hashes": ["96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c"], "name": "127.0.0.1:8000:Rsqqss iiqmoqcy"}, {"hashes": ["ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "name": "ikun100.e2.luyouxia.net:28249:Rsghzj kmnmrnla"}], "registry": [{"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": null}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "Type"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "Start"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ImagePath"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "DisplayName"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "WOW64"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ObjectName"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "Description"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877", "23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d", "905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9", "96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c", "a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b", "ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49", "f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "FailureActions"}, {"hashes": ["78ca6de2cbde73fd0096e4f14311d439fee3a2f7646b0717a89fa2c14addbcc9", "973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183", "bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093", "be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": ""}, {"hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSKSIG WCUGIQYA", "value_name": null}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSGAQA MIWWEAEK", "value_name": null}, {"hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSKSIG WCUGIQYA", "value_name": "ConnectGroup"}, {"hashes": ["bad7e73891556abd526f9cf32e4b2e961d2c8b911624c43158e6e641d8fdd093"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSKSIG WCUGIQYA", "value_name": "MarkTime"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSGAQA MIWWEAEK", "value_name": "ConnectGroup"}, {"hashes": ["6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSRCPV RFBCWOYQ", "value_name": null}, {"hashes": ["6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSRCPV RFBCWOYQ", "value_name": "ConnectGroup"}, {"hashes": ["180ece74b103cdbf59f0a8f37f80d86735e257de0c63748342abc10e88844877"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSGAQA MIWWEAEK", "value_name": "MarkTime"}, {"hashes": ["6f3817e26b094cc3974970666a756edc4064ed535a347f04e74938a768cf8a27"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSRCPV RFBCWOYQ", "value_name": "MarkTime"}, {"hashes": ["62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSDETK YARSERIW", "value_name": null}, {"hashes": ["62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSDETK YARSERIW", "value_name": "ConnectGroup"}, {"hashes": ["62512c22b06a8e3d2ceeff6e8a0acded0d2a45e476c1fda5abdb86704fc71ad6"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSDETK YARSERIW", "value_name": "MarkTime"}, {"hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSTEZX RZPQCQUK", "value_name": null}, {"hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSTEZX RZPQCQUK", "value_name": "ConnectGroup"}, {"hashes": ["905f03f2f3bb2f8138d3f31484a3ccdb462606303fbe93f6b9e161f329a0caa9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSTEZX RZPQCQUK", "value_name": "MarkTime"}, {"hashes": ["be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSIEYO YSSSMUCY", "value_name": null}, {"hashes": ["be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSIEYO YSSSMUCY", "value_name": "ConnectGroup"}, {"hashes": ["be79cac4f5fdef9437562409d9c4a37c985c3f9010f601efbbfe92d90c95e45a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSIEYO YSSSMUCY", "value_name": "MarkTime"}, {"hashes": ["23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSWOAE MYMISIGC", "value_name": null}, {"hashes": ["23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSWOAE MYMISIGC", "value_name": "ConnectGroup"}, {"hashes": ["23925c212a1511b15601983e61c448f0a81d5ff2400aad2b0dfb2130f83db26d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSWOAE MYMISIGC", "value_name": "MarkTime"}, {"hashes": ["973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSDIVY SONCWNQQ", "value_name": null}, {"hashes": ["973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSDIVY SONCWNQQ", "value_name": "ConnectGroup"}, {"hashes": ["973c166822b4fb42e5f786842712f9688f34c2f6895d6a93e2fe926e39d1e183"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSDIVY SONCWNQQ", "value_name": "MarkTime"}, {"hashes": ["f7f3f418df156e1a6d1ee27d611baf7d77b64f9ce309cb1cfd0052ead9542b0b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSCDXM RIIFDJKA", "value_name": "MarkTime"}, {"hashes": ["a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSQEIW YQKQUIKQ", "value_name": null}, {"hashes": ["a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSQEIW YQKQUIKQ", "value_name": "ConnectGroup"}, {"hashes": ["a265cf3a258b2af0b0e136f08569ebdf2ccd3f34513ed600d07accf8c270529b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSQEIW YQKQUIKQ", "value_name": "MarkTime"}, {"hashes": ["39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSFLNL PPDPDWHY", "value_name": null}, {"hashes": ["39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSFLNL PPDPDWHY", "value_name": "ConnectGroup"}, {"hashes": ["39f7c40cdd521567c481ac4b6b876c2124aadc6068cb7706ea33097524ac4be9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSFLNL PPDPDWHY", "value_name": "MarkTime"}, {"hashes": ["96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSQQSS IIQMOQCY", "value_name": null}, {"hashes": ["96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSQQSS IIQMOQCY", "value_name": "ConnectGroup"}, {"hashes": ["96d6db813da96f1508ff61080d630ae46408cc609ab7c3a40be628149325c11c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSQQSS IIQMOQCY", "value_name": "MarkTime"}, {"hashes": ["ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSGHZJ KMNMRNLA", "value_name": null}, {"hashes": ["ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSGHZJ KMNMRNLA", "value_name": "ConnectGroup"}, {"hashes": ["ba771c968b5a7f61320d6393753544ea54c4caf47204335ac805016e5dcbec49"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSGHZJ KMNMRNLA", "value_name": "MarkTime"}]}, "reports_count": 15}, "Win.Dropper.HawkEye-9980407-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["9957b34b6ae296fb384c1a9af0656706b057dfd6f256095a555acaa875a1335a", "1000dae94027ea5274106454778d70f0bc7763b787cab16a017cd846e76e47a9", "2a19ae94bf110da3cb0c99d67fa313d12f5e4518d1bd2d88b0e8213c9c7e8c2b", "be0d39b9872aaf2a65ec3ee3dbfae1250384af42af67722bd295f12700e120aa", "0da2d12cb707f7dc768729a23151d848f3b55a478c4f5ef2ad291438d7fd8819", "e34558232611b82301ed2aa168242353b3f079e3e1eb5cf31fe6fee06a6d9174", "42e162ab2cc30abb0197559cd158ed6fc614be33b6e9d1357917356b057f4ca7", "0afc35bdc7a3c309c2d318c17fb022f4cb273b54f0e985214f35d78d2777b0b6", "3abccc8e7db8eb44d8baae4b98675c657901c080c5f79160f9cbe8ed9c3f2a4c", "c1d04473949f3e1018cf7bdf6117a3bd788c27932a0c304f09364983b96d689d", "1fb8d035253a9e76f108a7ffddf701cf15949ec012e4c26f0a6ecf67fc0af01c", "aaa39c2e014b8c48cd156777516987ae3ddde1c5993b47c07e6171e8ffa7733a", "757d1ccf4061ca76d7b7de49d9124a74738c7835d9df0ad1074c8643da562aa1", "f432a979674be1f744b5392c5034115f9761ecf7001c772d43516bc83e4bffdd", "c31306ed75a78889320033bdf936c9d801fd9da3b7cdda4aead41f8c8fbaa14b", "d2b9c63c6bc5b982cb25afe657fefe121593803e38cb60eb40484b6aed65ce87", "35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["9957b34b6ae296fb384c1a9af0656706b057dfd6f256095a555acaa875a1335a", "1000dae94027ea5274106454778d70f0bc7763b787cab16a017cd846e76e47a9", "2a19ae94bf110da3cb0c99d67fa313d12f5e4518d1bd2d88b0e8213c9c7e8c2b", "be0d39b9872aaf2a65ec3ee3dbfae1250384af42af67722bd295f12700e120aa", "0da2d12cb707f7dc768729a23151d848f3b55a478c4f5ef2ad291438d7fd8819", "e34558232611b82301ed2aa168242353b3f079e3e1eb5cf31fe6fee06a6d9174", "42e162ab2cc30abb0197559cd158ed6fc614be33b6e9d1357917356b057f4ca7", "0afc35bdc7a3c309c2d318c17fb022f4cb273b54f0e985214f35d78d2777b0b6", "3abccc8e7db8eb44d8baae4b98675c657901c080c5f79160f9cbe8ed9c3f2a4c", "c1d04473949f3e1018cf7bdf6117a3bd788c27932a0c304f09364983b96d689d", "1fb8d035253a9e76f108a7ffddf701cf15949ec012e4c26f0a6ecf67fc0af01c", "aaa39c2e014b8c48cd156777516987ae3ddde1c5993b47c07e6171e8ffa7733a", "757d1ccf4061ca76d7b7de49d9124a74738c7835d9df0ad1074c8643da562aa1", "f432a979674be1f744b5392c5034115f9761ecf7001c772d43516bc83e4bffdd", "c31306ed75a78889320033bdf936c9d801fd9da3b7cdda4aead41f8c8fbaa14b", "d2b9c63c6bc5b982cb25afe657fefe121593803e38cb60eb40484b6aed65ce87", "35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["9957b34b6ae296fb384c1a9af0656706b057dfd6f256095a555acaa875a1335a", "1000dae94027ea5274106454778d70f0bc7763b787cab16a017cd846e76e47a9", "2a19ae94bf110da3cb0c99d67fa313d12f5e4518d1bd2d88b0e8213c9c7e8c2b", "be0d39b9872aaf2a65ec3ee3dbfae1250384af42af67722bd295f12700e120aa", "0da2d12cb707f7dc768729a23151d848f3b55a478c4f5ef2ad291438d7fd8819", "e34558232611b82301ed2aa168242353b3f079e3e1eb5cf31fe6fee06a6d9174", "42e162ab2cc30abb0197559cd158ed6fc614be33b6e9d1357917356b057f4ca7", "0afc35bdc7a3c309c2d318c17fb022f4cb273b54f0e985214f35d78d2777b0b6", "3abccc8e7db8eb44d8baae4b98675c657901c080c5f79160f9cbe8ed9c3f2a4c", "c1d04473949f3e1018cf7bdf6117a3bd788c27932a0c304f09364983b96d689d", "1fb8d035253a9e76f108a7ffddf701cf15949ec012e4c26f0a6ecf67fc0af01c", "aaa39c2e014b8c48cd156777516987ae3ddde1c5993b47c07e6171e8ffa7733a", "757d1ccf4061ca76d7b7de49d9124a74738c7835d9df0ad1074c8643da562aa1", "f432a979674be1f744b5392c5034115f9761ecf7001c772d43516bc83e4bffdd", "c31306ed75a78889320033bdf936c9d801fd9da3b7cdda4aead41f8c8fbaa14b", "d2b9c63c6bc5b982cb25afe657fefe121593803e38cb60eb40484b6aed65ce87", "35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["9957b34b6ae296fb384c1a9af0656706b057dfd6f256095a555acaa875a1335a", "1000dae94027ea5274106454778d70f0bc7763b787cab16a017cd846e76e47a9", "2a19ae94bf110da3cb0c99d67fa313d12f5e4518d1bd2d88b0e8213c9c7e8c2b", "be0d39b9872aaf2a65ec3ee3dbfae1250384af42af67722bd295f12700e120aa", "0da2d12cb707f7dc768729a23151d848f3b55a478c4f5ef2ad291438d7fd8819", "e34558232611b82301ed2aa168242353b3f079e3e1eb5cf31fe6fee06a6d9174", "42e162ab2cc30abb0197559cd158ed6fc614be33b6e9d1357917356b057f4ca7", "0afc35bdc7a3c309c2d318c17fb022f4cb273b54f0e985214f35d78d2777b0b6", "3abccc8e7db8eb44d8baae4b98675c657901c080c5f79160f9cbe8ed9c3f2a4c", "c1d04473949f3e1018cf7bdf6117a3bd788c27932a0c304f09364983b96d689d", "1fb8d035253a9e76f108a7ffddf701cf15949ec012e4c26f0a6ecf67fc0af01c", "aaa39c2e014b8c48cd156777516987ae3ddde1c5993b47c07e6171e8ffa7733a", "757d1ccf4061ca76d7b7de49d9124a74738c7835d9df0ad1074c8643da562aa1", "f432a979674be1f744b5392c5034115f9761ecf7001c772d43516bc83e4bffdd", "c31306ed75a78889320033bdf936c9d801fd9da3b7cdda4aead41f8c8fbaa14b", "d2b9c63c6bc5b982cb25afe657fefe121593803e38cb60eb40484b6aed65ce87", "35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-tls-callback", "hashes": ["9957b34b6ae296fb384c1a9af0656706b057dfd6f256095a555acaa875a1335a", "1000dae94027ea5274106454778d70f0bc7763b787cab16a017cd846e76e47a9", "2a19ae94bf110da3cb0c99d67fa313d12f5e4518d1bd2d88b0e8213c9c7e8c2b", "be0d39b9872aaf2a65ec3ee3dbfae1250384af42af67722bd295f12700e120aa", "0da2d12cb707f7dc768729a23151d848f3b55a478c4f5ef2ad291438d7fd8819", "e34558232611b82301ed2aa168242353b3f079e3e1eb5cf31fe6fee06a6d9174", "42e162ab2cc30abb0197559cd158ed6fc614be33b6e9d1357917356b057f4ca7", "0afc35bdc7a3c309c2d318c17fb022f4cb273b54f0e985214f35d78d2777b0b6", "3abccc8e7db8eb44d8baae4b98675c657901c080c5f79160f9cbe8ed9c3f2a4c", "c1d04473949f3e1018cf7bdf6117a3bd788c27932a0c304f09364983b96d689d", "1fb8d035253a9e76f108a7ffddf701cf15949ec012e4c26f0a6ecf67fc0af01c", "aaa39c2e014b8c48cd156777516987ae3ddde1c5993b47c07e6171e8ffa7733a", "757d1ccf4061ca76d7b7de49d9124a74738c7835d9df0ad1074c8643da562aa1", "f432a979674be1f744b5392c5034115f9761ecf7001c772d43516bc83e4bffdd", "c31306ed75a78889320033bdf936c9d801fd9da3b7cdda4aead41f8c8fbaa14b", "d2b9c63c6bc5b982cb25afe657fefe121593803e38cb60eb40484b6aed65ce87", "35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["9957b34b6ae296fb384c1a9af0656706b057dfd6f256095a555acaa875a1335a", "1000dae94027ea5274106454778d70f0bc7763b787cab16a017cd846e76e47a9", "2a19ae94bf110da3cb0c99d67fa313d12f5e4518d1bd2d88b0e8213c9c7e8c2b", "be0d39b9872aaf2a65ec3ee3dbfae1250384af42af67722bd295f12700e120aa", "0da2d12cb707f7dc768729a23151d848f3b55a478c4f5ef2ad291438d7fd8819", "e34558232611b82301ed2aa168242353b3f079e3e1eb5cf31fe6fee06a6d9174", "42e162ab2cc30abb0197559cd158ed6fc614be33b6e9d1357917356b057f4ca7", "0afc35bdc7a3c309c2d318c17fb022f4cb273b54f0e985214f35d78d2777b0b6", "3abccc8e7db8eb44d8baae4b98675c657901c080c5f79160f9cbe8ed9c3f2a4c", "c1d04473949f3e1018cf7bdf6117a3bd788c27932a0c304f09364983b96d689d", "1fb8d035253a9e76f108a7ffddf701cf15949ec012e4c26f0a6ecf67fc0af01c", "aaa39c2e014b8c48cd156777516987ae3ddde1c5993b47c07e6171e8ffa7733a", "757d1ccf4061ca76d7b7de49d9124a74738c7835d9df0ad1074c8643da562aa1", "f432a979674be1f744b5392c5034115f9761ecf7001c772d43516bc83e4bffdd", "c31306ed75a78889320033bdf936c9d801fd9da3b7cdda4aead41f8c8fbaa14b", "d2b9c63c6bc5b982cb25afe657fefe121593803e38cb60eb40484b6aed65ce87", "35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["9957b34b6ae296fb384c1a9af0656706b057dfd6f256095a555acaa875a1335a", "1000dae94027ea5274106454778d70f0bc7763b787cab16a017cd846e76e47a9", "2a19ae94bf110da3cb0c99d67fa313d12f5e4518d1bd2d88b0e8213c9c7e8c2b", "be0d39b9872aaf2a65ec3ee3dbfae1250384af42af67722bd295f12700e120aa", "0da2d12cb707f7dc768729a23151d848f3b55a478c4f5ef2ad291438d7fd8819", "e34558232611b82301ed2aa168242353b3f079e3e1eb5cf31fe6fee06a6d9174", "42e162ab2cc30abb0197559cd158ed6fc614be33b6e9d1357917356b057f4ca7", "0afc35bdc7a3c309c2d318c17fb022f4cb273b54f0e985214f35d78d2777b0b6", "3abccc8e7db8eb44d8baae4b98675c657901c080c5f79160f9cbe8ed9c3f2a4c", "c1d04473949f3e1018cf7bdf6117a3bd788c27932a0c304f09364983b96d689d", "1fb8d035253a9e76f108a7ffddf701cf15949ec012e4c26f0a6ecf67fc0af01c", "aaa39c2e014b8c48cd156777516987ae3ddde1c5993b47c07e6171e8ffa7733a", "757d1ccf4061ca76d7b7de49d9124a74738c7835d9df0ad1074c8643da562aa1", "f432a979674be1f744b5392c5034115f9761ecf7001c772d43516bc83e4bffdd", "c31306ed75a78889320033bdf936c9d801fd9da3b7cdda4aead41f8c8fbaa14b", "d2b9c63c6bc5b982cb25afe657fefe121593803e38cb60eb40484b6aed65ce87", "35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-vault-api", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-known-trojan-av", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "listening-port-opened", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-http-blank-user-agent", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-key-modified", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "http-response-redirect", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "startup-folder-modification", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "compiler-vbc-run", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-hawkeye-detected", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": []}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "startup-folder-vbs-file", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "file-alternate-data-stream-zero-data", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-generic-infostealer", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "created-executable-sample-appdata", "hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "mitre_attack_tags": ["TA0005", "T1564"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Hawkeye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.", "hashes": ["0afc35bdc7a3c309c2d318c17fb022f4cb273b54f0e985214f35d78d2777b0b6", "0da2d12cb707f7dc768729a23151d848f3b55a478c4f5ef2ad291438d7fd8819", "1000dae94027ea5274106454778d70f0bc7763b787cab16a017cd846e76e47a9", "1fb8d035253a9e76f108a7ffddf701cf15949ec012e4c26f0a6ecf67fc0af01c", "2a19ae94bf110da3cb0c99d67fa313d12f5e4518d1bd2d88b0e8213c9c7e8c2b", "35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8", "3abccc8e7db8eb44d8baae4b98675c657901c080c5f79160f9cbe8ed9c3f2a4c", "42e162ab2cc30abb0197559cd158ed6fc614be33b6e9d1357917356b057f4ca7", "757d1ccf4061ca76d7b7de49d9124a74738c7835d9df0ad1074c8643da562aa1", "9957b34b6ae296fb384c1a9af0656706b057dfd6f256095a555acaa875a1335a", "aaa39c2e014b8c48cd156777516987ae3ddde1c5993b47c07e6171e8ffa7733a", "be0d39b9872aaf2a65ec3ee3dbfae1250384af42af67722bd295f12700e120aa", "c1d04473949f3e1018cf7bdf6117a3bd788c27932a0c304f09364983b96d689d", "c31306ed75a78889320033bdf936c9d801fd9da3b7cdda4aead41f8c8fbaa14b", "d2b9c63c6bc5b982cb25afe657fefe121593803e38cb60eb40484b6aed65ce87", "e34558232611b82301ed2aa168242353b3f079e3e1eb5cf31fe6fee06a6d9174", "f432a979674be1f744b5392c5034115f9761ecf7001c772d43516bc83e4bffdd"], "iocs": {"domain": [{"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "host": "whatismyipaddress[.]com"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "host": "mail[.]curtisjnr[.]org"}], "file": [{"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%APPDATA%\\WindowsUpdate.exe"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%APPDATA%\\WindowsUpdate.exe\\:ZoneIdentifier:$DATA"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gykjt.vbs"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%APPDATA%\\gykjt"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%APPDATA%\\gykjt\\hhuyi.exe"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "path": "%APPDATA%\\gykjt\\hhuyi.exe:ZoneIdentifier"}], "ip": [{"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "ip": "104[.]16[.]155[.]36"}], "mutex": [], "registry": [{"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["35f21ad3e2219dbf3936cecc2d8db36686467b87a5984c842a08214f3ab1e3c8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}]}, "reports_count": 17}, "Win.Dropper.Lokibot-9980537-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "7385eb0f72f1aa66592d330fc64ed2d850c97abbf67d9e61206e29e646d2032f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "7385eb0f72f1aa66592d330fc64ed2d850c97abbf67d9e61206e29e646d2032f"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "7385eb0f72f1aa66592d330fc64ed2d850c97abbf67d9e61206e29e646d2032f"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "7385eb0f72f1aa66592d330fc64ed2d850c97abbf67d9e61206e29e646d2032f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-certificate", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "7385eb0f72f1aa66592d330fc64ed2d850c97abbf67d9e61206e29e646d2032f"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "pe-certificate-short-serial", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "7385eb0f72f1aa66592d330fc64ed2d850c97abbf67d9e61206e29e646d2032f"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "file-ini-read", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "pe-uses-heavens-gate", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "7385eb0f72f1aa66592d330fc64ed2d850c97abbf67d9e61206e29e646d2032f"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "feed-domain-rat", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "modified-executable", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "registry-autorun-key-modified", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "created-executable-sample-appdata", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "listening-port-opened", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "compiler-vbc-run", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-hawkeye-detected", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-communications-http-post", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "netbios-query", "hashes": ["d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-snort-malware", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "malware-lokibot-user-agent-detected", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-toolhelp", "hashes": ["8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd"], "mitre_attack_tags": []}, {"bi": "enumeration-email-program-information", "hashes": ["8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "pe-invalid-certificate-signature", "hashes": ["353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "nginx-webserver-detected", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "mitre_attack_tags": []}, {"bi": "feed-public-ip-check-dns", "hashes": ["8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "network-dns-malicious-snort", "hashes": ["353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-dns-upload-file", "hashes": ["353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "vbs-creates-and-runs", "hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-windows-script-launched", "hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "deleted-submitted-file", "hashes": ["a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "compound-vb-self-delete", "hashes": ["a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c"], "mitre_attack_tags": []}, {"bi": "process-check-browser-mail-client-files", "hashes": ["8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-vidar-mutex-detected", "hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "mitre_attack_tags": []}, {"bi": "malware-vidar-file-detected", "hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "mitre_attack_tags": ["TA0010", "T1041"]}, {"bi": "malware-oski-file-path-detected", "hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0010", "TA0006", "T1083", "T1005", "T1119", "T1020", "T1041", "T1552"]}, {"bi": "hosts-file-modification", "hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "7385eb0f72f1aa66592d330fc64ed2d850c97abbf67d9e61206e29e646d2032f", "7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58"], "iocs": {"domain": [{"hashes": ["47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59"], "host": "whatismyipaddress[.]com"}, {"hashes": ["1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179"], "host": "optimurn[.]host"}, {"hashes": ["05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791"], "host": "thammyvienanthea[.]com"}, {"hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "host": "changdeacorp[.]com"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "host": "ip-api[.]com"}, {"hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33"], "host": "checkip[.]amazonaws[.]com"}, {"hashes": ["d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b"], "host": "rikolexx[.]com"}, {"hashes": ["a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c"], "host": "hooklinez[.]us"}, {"hashes": ["8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8"], "host": "smtp[.]easterncarqo[.]co[.]in"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "host": "mytradecrypto[.]ug"}, {"hashes": ["b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd"], "host": "www[.]forgivers2019[.]tk"}], "file": [{"hashes": ["00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59"], "path": "%APPDATA%\\WindowsUpdate.exe"}, {"hashes": ["53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33"], "path": "%System32%\\drivers\\etc\\hosts"}, {"hashes": ["7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "path": "%TEMP%\\subfolder"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "path": "%ProgramData%"}, {"hashes": ["8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "path": "%TEMP%\\subfolder\\chop.exe"}, {"hashes": ["7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "path": "%TEMP%\\subfolder\\chop.vbs"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "path": "%ProgramData%\\B21QM0NIFTICFK3T1SLF"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "path": "%ProgramData%\\B21QM0NIFTICFK3T1SLF\\US_d19ab989-a35f-4710-83df-7b2db7efe7c58659815602.zip"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "path": "%ProgramData%\\B21QM0NIFTICFK3T1SLF\\files"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "path": "%ProgramData%\\B21QM0NIFTICFK3T1SLF\\files\\Soft"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "path": "%ProgramData%\\B21QM0NIFTICFK3T1SLF\\files\\Soft\\Authy"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "path": "%ProgramData%\\B21QM0NIFTICFK3T1SLF\\files\\information.txt"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "path": "%ProgramData%\\B21QM0NIFTICFK3T1SLF\\files\\outlook.txt"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "path": "%ProgramData%\\B21QM0NIFTICFK3T1SLF\\files\\passwords.txt"}, {"hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33"], "path": "%TEMP%\\OFFICE"}, {"hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33"], "path": "%TEMP%\\OFFICE\\WORD.exe"}, {"hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33"], "path": "%TEMP%\\OFFICE\\WORD.vbs"}], "ip": [{"hashes": ["53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59"], "ip": "104[.]16[.]154[.]36"}, {"hashes": ["47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3"], "ip": "104[.]16[.]155[.]36"}, {"hashes": ["05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791"], "ip": "172[.]105[.]103[.]207"}, {"hashes": ["00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab"], "ip": "81[.]92[.]202[.]136"}, {"hashes": ["7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807"], "ip": "81[.]17[.]18[.]198"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "ip": "208[.]95[.]112[.]1"}, {"hashes": ["f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58"], "ip": "89[.]249[.]66[.]53"}, {"hashes": ["c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3"], "ip": "81[.]17[.]29[.]147"}, {"hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33"], "ip": "3[.]232[.]63[.]71"}], "mutex": [{"hashes": ["00eb04840db63230036691b00cacffe5567aadd6b229d17393fc8c719cf48dab", "05b6a0c3ab87724b04839a99ed6e25b3325df807106ebc7ce9066a4c77fe326f", "1182fc97b4bbff5c4e196604c56c432dbfd21333a298456429abf24c96c2b584", "353dbb46d2a041ec26b1b56c51166bf733de21550ef8dcba55d03705713d5791", "61bdf6a8fda9449af2d057b6f6c11487c5ca41389f19ecc1dfa809f4cb4bdc33", "7a91d1ce466d52a1d498fad63e47f24771356bbb79cca25bd585026d78ead807", "a29a76409e778370383c89c0b69ce5291664268e9a65c3a7d3274a5a49398179", "a86c38bebebc72b6749ad50c370c738a83fe3799a1c0357c14099d0e1275750c", "b82e08212cee722bc2d004a001523a97572823e1be786e0dc596bed10d52a8fd", "c0b402a4f08b7d9a40d478350300d15c71de3da80c65d21e046a30ce37a459e3", "d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b", "f9a5b6cf55cfdf80c976902388c26e62bbf622cd3434baa49dff92ffca8f6a58"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59"], "name": "Global\\<random guid>"}, {"hashes": ["8009a2d6798bde4245567a8472beb123edfb5631c13f1d8e6ec62ef0ff20c617"], "name": "d19ab989-a35f-4710-83df-7b2db7efe7c5{846ee340-7039-11de-9d20-806e6f6e6963}"}], "registry": [{"hashes": ["47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["47f5e1a9b0b645de6a2c17f817e3563c2aa2b2a2d1c2eb7fa266503d1871ccf4", "53e152a481cd7982ebe8e8e75a9c075f220262dfced375704e2ca22dfb3e7c87", "6c30fa3b8b0ab3bc9c9311d3af030214806b1e5acb04cebdb3a559e4e7bf11b3", "7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293", "8e9a4886218312983692cd92e8fc24cea285604b1ad4e933dbd572f8feb4a8d8", "aa7079829cb7eaa96ef06d420f44ff2a834233ff9534c5dc8d4d04671b873a59"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}, {"hashes": ["d4b206b6dff3baf8ead3fb174e80025d8f84edb4787813d0e704147097596c1b"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["7ce3ee2f73f5a31415b558e28a46c05817ae82fb6e58b381d7d0d3a5eec2f293"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Registry Key Name"}, {"hashes": ["aa1e0983c213de92652f85e8ba2f5f0d8a8cd7ceb395981495ba1762917dfa33"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WORD"}]}, "reports_count": 21}, "Win.Dropper.Nanocore-9980555-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-tls-callback", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-windows-script-launched", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-imports-toolhelp", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-uses-autoit", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-sfx-rar", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-fast-flux-domain", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0003"]}, {"bi": "pe-uses-dot-net", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-certificate", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "file-ini-read", "hashes": ["f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "artifact-windows-task", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "malware-generic-infostealer", "hashes": ["f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "feed-domain-rat", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "process-check-zone-identifier", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "schtask-forcefully-created", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-program-dir", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "dotnet-malicious-assembly-name", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "process-hollowing-detected", "hashes": ["d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-opendns-malicious", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-with-multiple-children", "hashes": ["6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "vbs-creates-and-runs", "hashes": ["6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "task-manager-disabled", "hashes": ["edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "startup-folder-lnk-file", "hashes": ["edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "firefox-cookie-read", "hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "startup-folder-modification", "hashes": ["6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "nginx-webserver-detected", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "cmd-exe-file-execution", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "url-not-found", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792"], "mitre_attack_tags": ["TA0005"]}, {"bi": "fault-report-file-created", "hashes": ["3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-response-client-error", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "http-response-redirect", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7"], "mitre_attack_tags": []}, {"bi": "network-explorer-process", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "file-pending-delete", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-header-timestamp-null", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-sandbox", "hashes": ["d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "artifact-vm-detect", "hashes": ["d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-file-uploaded", "hashes": ["65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3"], "mitre_attack_tags": []}, {"bi": "malware-netwire-rat-registry", "hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a"], "mitre_attack_tags": []}, {"bi": "network-smtp-attachment", "hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "eml-same-sender-recipient", "hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b"], "mitre_attack_tags": []}, {"bi": "process-created-executable-autorun", "hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "malware-formbook-mutex-detected", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "mitre_attack_tags": []}, {"bi": "windows-util-ipconfig", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "html-small-file-redirect", "hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "excessive-tcp-connections", "hashes": ["f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "malware-remcos-registry", "hashes": ["f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "js-contains-massive-strings", "hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-requested-file-external-drive", "hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "html-js-contains-random-vars", "hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-page-not-found", "hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Nanocore is a .NET remote access trojan. Its source code has been leaked several times, making it widely available. Like other RATs, it allows full control of the system, including recording video and audio, stealing passwords, downloading files and recording keystrokes.", "hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "958d1f0fbac83baebfe3d1969582ff5ad61d22bdf4856dfccc172c4b2fe3ca80", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "992bd524f1d4f791f3129f6d9a464d47399fdf1e94a4be3bce242f93f7cfd6c4", "9fdab5a28047f842d0a6b04e612c85359ca9fe88036450d8a5293aded093a805", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "ba4d7b93b01f1c69f6f1502f5652b6b21116b396e74184f4a367327871a5f7f2", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "e3f1a0b9518ea565cabf3be6ca527c073887f2805aba6a32b4cd289c435f8578", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d"], "iocs": {"domain": [{"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "host": "411speed[.]duckdns[.]org"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "host": "lowaspeed[.]ddnsfree[.]com"}, {"hashes": ["237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b"], "host": "api[.]ipify[.]org"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "host": "showip[.]net"}, {"hashes": ["73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b"], "host": "smtp[.]yandex[.]com"}, {"hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a"], "host": "alice2019[.]myftp[.]biz"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "host": "www[.]sqlite[.]org"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "host": "www[.]aaronmachado[.]com"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "host": "www[.]ashakendra[.]org"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "host": "www[.]665zzz[.]com"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "host": "www[.]njdshl[.]com"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "host": "www[.]manciniballroom[.]com"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "host": "www[.]cure-finder[.]org"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "host": "www[.]cryptopers[.]com"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "host": "www[.]teoshotthis[.]com"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "host": "www[.]denmarktennessee[.]com"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "host": "www[.]positiveenergyart[.]com"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "host": "www[.]nicodemusandcrow[.]com"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "host": "www[.]pluik[.]com"}, {"hashes": ["5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805"], "host": "mail[.]chabiant[.]az"}, {"hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b"], "host": "mail[.]springhotelhn[.]com"}], "file": [{"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d"], "path": "%HOMEPATH%\\temp"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%TEMP%\\RegSvcs.exe"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%PUBLIC%\\Libraries\\vbsqlite3.dll"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files.zip"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\10_147_20121129071628.RTF"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\127SYLLABUSFA07.PDF"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\13ACX.PDF"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\143.PDF"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\15_DIPLOMSKI2006.RTF"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\167_VAN_OORD_V_THE_PORT_OF_.PDF"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\1_ANKITAMISHRA_ESSAY.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\2329444014.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\2590OTHERSUPPORT.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\2Q37_DELETIONS_FTNW.PDF"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\46_DSENV.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\5PROTE_SL45_S.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\AT_DOM_E.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\B813B53525710DA882C4D06A52.XLSX"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\CONTRACTAPPENDIXB.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\DC546113F9030F161A90B734F3.XLSX"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\ERSD200502_E.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\F490F81ED03E44A1E7B5C86E19.XLSX"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\GOOGLE_CORPORATION_KHOTSO_.DOCX"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\HUNJA2B3_E.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\IATA_OMC_TOURISM.DOC"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "path": "%APPDATA%\\A1EB383543D3F00657D7\\Files\\ZA___NR_8_ANALIZA_DOKUMENT.DOCX"}, {"hashes": ["6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\start.lnk"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\qvffoldw.dat"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\rbuagwxt.xls"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\rokethk.xls"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\sltbglkj.docx"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\sqtv.icm"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\uccwli.msc"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\uqephmnig.bin"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\vcrctw.docx"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\whfhawtlk.bin"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "path": "%TEMP%\\3_47\\woslpb.xls"}, {"hashes": ["d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "path": "%System32%\\Tasks\\oflgwXquKB"}], "ip": [{"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "ip": "192[.]169[.]69[.]26"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "ip": "194[.]5[.]98[.]219"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "ip": "162[.]55[.]60[.]2"}, {"hashes": ["237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b"], "ip": "52[.]20[.]78[.]240"}, {"hashes": ["73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0"], "ip": "3[.]232[.]242[.]170"}, {"hashes": ["73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b"], "ip": "77[.]88[.]21[.]158"}, {"hashes": ["6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2"], "ip": "54[.]91[.]59[.]199"}, {"hashes": ["5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f"], "ip": "3[.]220[.]57[.]224"}, {"hashes": ["d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "ip": "185[.]209[.]160[.]47"}, {"hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b"], "ip": "103[.]15[.]48[.]110"}, {"hashes": ["5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805"], "ip": "50[.]87[.]253[.]125"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "ip": "2[.]57[.]90[.]16"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "ip": "34[.]102[.]136[.]180"}, {"hashes": ["f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "ip": "79[.]134[.]225[.]16"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "ip": "3[.]18[.]7[.]81"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "ip": "45[.]33[.]6[.]223"}, {"hashes": ["65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596"], "ip": "107[.]189[.]4[.]253"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "ip": "35[.]208[.]225[.]54"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "ip": "156[.]254[.]174[.]120"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "ip": "85[.]10[.]159[.]4"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "ip": "217[.]21[.]72[.]110"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "ip": "103[.]79[.]76[.]152"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "ip": "38[.]48[.]189[.]90"}, {"hashes": ["7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd"], "ip": "64[.]185[.]227[.]156"}, {"hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a"], "ip": "198[.]12[.]91[.]245"}], "mutex": [{"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "name": "Global\\{042723c4-0804-4212-bf56-4b1b2669ca7c}"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "name": "8-3503835SZBFHHZ"}, {"hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a"], "name": "-"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "name": "1L2N233BRY01J7GZ"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "name": "J1P86SR380H1-G0M"}, {"hashes": ["3daa2ea1bfd5b57eabe55cc156a072ea901ff7c809648dd4d7aa6897c7a9bf3c"], "name": "Global\\96f3acc1-6da6-11ed-9660-001517dcb4c8"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "name": "S-1-5-21-2580483-12442445629344"}, {"hashes": ["d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7"], "name": "Global\\d6071d80-6d05-11ed-9660-001517fac4b0"}, {"hashes": ["ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c"], "name": "KL8ATO734X14Z-LY"}, {"hashes": ["6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b"], "name": "134bd404e63d2b071716d1ceddb58485"}, {"hashes": ["f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "name": "Rmcw-KMC20U"}, {"hashes": ["171777fc7d1801670cdc576c7cb7460fd4f4ad4eac5d00bc14b3a2f799a56ca2"], "name": "Global\\d4f7b8e1-7b75-11ed-9660-001517a920c4"}], "registry": [{"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "237f4691c8e3937129080c8d1a39e9a33df965f63c90977aab5348606f03ad48", "275adb18333faf91f3124dc54af4c201c11c8d25ecde94aed6ea5f373517c000", "356b30df4bbe9a2f99a450769fee9a947f5879868d6b60b183fb3faba39f6470", "3a4ef6610b647f545e862e03d03df7a89b171831fa685a978b9d76dd09224406", "5ab5b8f885449933f394fc287c5d224e7cb1c1e3f6f89d9d0abb812bb7d3d805", "5c9f6daab90ddba678686ebb3562b200be25bdbc5b8bf997aae9888372df3001", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "65202bb1c6bc23e5e4297b0b00b1317a375f08134175e5b7e015a6d829dec596", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "73f9758f83bfe78bbd7c137f3c2d92f6813e8f97e09a05da42e8897715313ae3", "7b16e2c7b49690e83bb4140b3e0f29418c64a6aae02dc0c324b607ae048b7ebd", "7c749b55555779c476f8e206751528e729bed0069f7a9b91f7766a78b8c22792", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be", "a7fac532eed09b4d7d9fe4d5c1a4b6f6302589dc482732bddbeee8dff6029f77", "acc27fd8b12704ade67132f172d5c6830a4f4547a8fd67496657bc4996a98e1f", "bc6b7838aed0283638884fca8cc4fc3f1495b2b39bf1a2c9eb0a4868f9c38c79", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "c8a1d9ba4399594220918f99a38fa4821c18d3e4fbfcf06c5872766b776661f0", "d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "d8d32922ddd6305ce4acc9c970e0a6d1c5866d344496be1620498ea035e9baf7", "d8ef3315df144b64906f7d8f358733d3da504f963dd6d841b660fd397ed1f8b2", "e563fd5ef48ec0e2e97547b44085a144ae090081a7c469a5f0650bb515f7e76b", "ebb76e46e178491fd48787e80ce952910124d6f1a00c92744a5f84278192030c", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e", "f422a65d68c31a7c6c24f8242c60d02cb95f42400eec1e87dec1d89102eae9a4", "f9206dc47c6495e1c8cf148a60ba045c6834da3d7d8d10fa92818dbdfbc5839d"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AutoUpdate"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["02d6acf24555c866c6fa3c37b06c8ff3b546a5b8f97e1e8cab2110c29e51c897", "08f06965c39cb6f46e18f1df24e72e06fea964197174ac839476d3957e4de495", "649ba0fa2b0d5b7835a732f9f52b2cc8536e730e224817b02218daebd4b08848", "664eb04ce9a07761a925f6cf8d2b4895b04fe5a85593ca0208d995b438c8b5f7", "6a7d82c112ed34aecaf4b3aa622d946ccd5fdfd8141437c8410b7c36e4d4d4b5", "6aa8a7e9eaaad38773e294e1334edd60fa25564999efdbb2e27beddc705cbe3d", "8034fed4db2081f34b8048bab000a23044d35061868f53cb37a0f9de4951bdaf", "8ee53e8fc978e48a16dbe5765ca9062b55e76966543d434633c6aef2f172d24b", "90754e5965c3e28865827ce18a4352508dc55795177876362237be8ba888ab26", "989541f6dffe26e108122d44a008c37dad295b94fd25cd8d242ccc5023214882", "a25158f378f026cda042e93ba5020f6d5882d8821075085901f84cf73c600baa", "c77050299926e15030f302bcc4dd9a048fb00f1ccb48bf8cc932ca8bdbbec508"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Chrome"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b", "690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790", "f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WindowsUpdate"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["069e629347920fa169623bf55556bf50da6d73b6d8129da71ed7832e76ec0774", "5e3eb3b01f08a5860eb53b7ef54c51378fbfc21584687d82ce8a0c7bfdf0bf74", "9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1", "a4e944eb3a2e447f8fdf5679a9ec4c2627f26794293954b993d84d153bcb57c6", "edb8de32efef24d86889242877a9ecb627135831156129e92dab871a47cd4de2", "f1c6992f98b3216ef793520292737d46f9d11bb31c3a8732fb3dba9500a00790"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": null}, {"hashes": ["690e2244879b7cdddc4b6208c8bcfae41548c1f651dae8fd576e281ddb30381b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "newapp"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\INTELLIFORMS\\STORAGE2", "value_name": null}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX", "value_name": null}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX\\20.0.1 (EN-US)\\MAIN", "value_name": null}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA THUNDERBIRD", "value_name": null}, {"hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": null}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}", "value_name": null}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\\ENUM", "value_name": null}, {"hashes": ["6763500aabf5bb650acee7e50fb2b28559c25e46e43a67e84e849cfb6748968b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "7_64"}, {"hashes": ["9605c028605214cb8519b9f76d937bb4e2ca165edff7ba224dac8c7d11172ad1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "10_61"}, {"hashes": ["a7bb4c998acc8a21e32314741e0eaa2bee3bbefa6db3381c8cdd776e7994e3be"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\\ENUM", "value_name": "Implementing"}, {"hashes": ["f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "6_74"}, {"hashes": ["f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "key": "<HKCU>\\SOFTWARE\\RMCW-KMC20U", "value_name": null}, {"hashes": ["f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "key": "<HKCU>\\SOFTWARE\\RMCW-KMC20U", "value_name": "exepath"}, {"hashes": ["f236b39e286105d68ab5b7cb5e54f93379bc7a0d84166407f41984172bcf183e"], "key": "<HKCU>\\SOFTWARE\\RMCW-KMC20U", "value_name": "licence"}, {"hashes": ["88c35140b891ab68d50c39cba262f80e48038a90e92f46b685240b07494714a6"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ddate"}, {"hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": "HostId"}, {"hashes": ["d70b1ecb9b8a30952cadfd45ef31c680197e475d0f7c6faa167c084869213e4a"], "key": "<HKCU>\\SOFTWARE\\NETWIRE", "value_name": "Install Date"}]}, "reports_count": 47}, "Win.Dropper.njRAT-9980427-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-private-ip-address", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "malware-known-trojan-av", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-disablesuac", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1548", "T1562"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "netsh-firewall-generic", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-trojan-njrat-detected", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0005", "T1112", "T1562"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": []}, {"bi": "firewall-exception-user-dir", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-uses-autoit", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-trojan-njrat-registry", "hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "mitre_attack_tags": ["TA0005", "T1112"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "iocs": {"domain": [], "file": [{"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "path": "%TEMP%\\server.exe"}, {"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "path": "%TEMP%\\<random, matching [A-F0-9]{3,4}>"}, {"hashes": ["8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84"], "path": "%TEMP%\\4108\\4108.exe"}, {"hashes": ["8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed"], "path": "%TEMP%\\3355\\3355.exe"}, {"hashes": ["e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "path": "%TEMP%\\5654\\5654.exe"}, {"hashes": ["3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7"], "path": "%TEMP%\\700\\700.exe"}, {"hashes": ["88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d"], "path": "%TEMP%\\5102\\5102.exe"}, {"hashes": ["078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7"], "path": "%TEMP%\\3539\\3539.exe"}, {"hashes": ["166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a"], "path": "%TEMP%\\6788\\6788.exe"}, {"hashes": ["7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1"], "path": "%TEMP%\\3217\\3217.exe"}, {"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6"], "path": "%TEMP%\\5426\\5426.exe"}, {"hashes": ["67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017"], "path": "%TEMP%\\377\\377.exe"}], "ip": [], "mutex": [{"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84"], "name": "7657c14284185fbd3fb108b43c7467ba"}, {"hashes": ["e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "name": "a12f2b7635caffde3957a7cc18cde5a9"}], "registry": [{"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "key": "<HKU>\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "di"}, {"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84", "e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "ConsentPromptBehaviorAdmin"}, {"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84"], "key": "<HKCU>\\SOFTWARE\\7657C14284185FBD3FB108B43C7467BA", "value_name": null}, {"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7657c14284185fbd3fb108b43c7467ba"}, {"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7657c14284185fbd3fb108b43c7467ba"}, {"hashes": ["027d80d4aef687ad5bcf965536b177137c0fc012b62e29dc247b315163beaef6", "078cc1681e4c0cb4d0f61091390d81527c9748ec45a9f98118b3fe97051220b7", "166b08c9b00a86bb21418bd00d3e9c445fb99ca32d14fde2c69a25082c6d7e5a", "3220271f4c7423c530db8a7c1c9714c6f1fad1be0b803c48ca5514c77583f0c7", "67b37834e66be76fb637be3ce10edbc02dc8067a7fbd7570a27d8d47c1b8c017", "7eccbc3ead189e38be91f2838c4e8954455563a2c63e19d75558e8791619abf1", "8171a5ec2079c8c1807b398b4f14c4d53a992d4d1ccbbbbf1d8ee60c1a51dbed", "88f06b89e9e53160a944ab25a30d2f59a82807303a34767ae6c81714d067640d", "8a72076cdb3cd82e07eca1a4282d46eb99515ee08400285a22dabcd88eab2e84"], "key": "<HKCU>\\SOFTWARE\\7657C14284185FBD3FB108B43C7467BA", "value_name": "[kl]"}, {"hashes": ["e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "key": "<HKCU>\\SOFTWARE\\A12F2B7635CAFFDE3957A7CC18CDE5A9", "value_name": null}, {"hashes": ["e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "a12f2b7635caffde3957a7cc18cde5a9"}, {"hashes": ["e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "a12f2b7635caffde3957a7cc18cde5a9"}, {"hashes": ["e774c8e0fab651c62ee5f0aea84759cc83065afa144ee39013fbee749d209904"], "key": "<HKCU>\\SOFTWARE\\A12F2B7635CAFFDE3957A7CC18CDE5A9", "value_name": "[kl]"}]}, "reports_count": 10}, "Win.Packed.Upatre-9980519-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-get", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "http-response-client-error", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "pe-uses-fasm", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": []}, {"bi": "malware-zeus-gameover-variant-detected-enc", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": []}, {"bi": "html-redirect", "hashes": ["827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "artifact-flagged-sandbox", "hashes": ["e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "deleted-submitted-file", "hashes": ["5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8"], "mitre_attack_tags": ["TA0005"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68"], "iocs": {"domain": [{"hashes": ["1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68"], "host": "waytoloans[.]com"}, {"hashes": ["1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68"], "host": "thevelvetpouch[.]com"}], "file": [{"hashes": ["1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68"], "path": "%TEMP%\\foxupdater.exe"}], "ip": [{"hashes": ["1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68"], "ip": "34[.]102[.]136[.]180"}, {"hashes": ["1ee828baaa452d0318a1badef9d56f8a8ee05d3599c9f6c8dcb54ae322a392fd", "25e06d5c6183431c27c5fb676df9299536afb875ed0f1c40b0971fa18dd4e895", "26456e576a208be3f0b95f5622a7b76c0af35f9544429fe1c358365db49be4e9", "2ff4fa86d4572329e55dcf36c8b652f0eb54a036d78992f6ea989f9815a7ce1a", "431ab948d4c702eb811be5a32453a6a0257ad2721db88e5b1b09c5817e8786fc", "486ddd85daaaca6fce26f5be2ae7eb6e4cf84356bfcda16e1be69419a5f1711d", "4f897c309f9776ecd32c026fd95730f3d800e75d66e2a2c7316e87b18a0fde00", "5bb31cd6bc300b99aa3ffd75669c0d5db8e72ee5e92fd4da1a142bf6d535ecb8", "5bcb2180f9b47d6d47f3a34329abc443f2d3bda89bd473f99d1c9442281abc3a", "73ad9dbc8c06b67f3243d07694d080303b866df802240d107901405ae555e83d", "80641c380f6576daac3a5ed7365d4f244fdc78f2fbb3a4654b56deffbaf29a3d", "827590683047f223dad8f70661d8255f02f59c6153fb18d1e1d1e01347e46358", "86fd57bf637914755e2a5465ebc731bc7592beaf8e9431e0e58242e292ae1bcd", "897b7276724d6dcf490700bc2e0c8bcdc6c9d7b81cb129bcb0a964512ffa65f9", "93ed23c90e7861a0d49b1dbf371a621552736c13a3cb9f9290aa19359ed05e63", "946d53247eb42ce346e399862371d235b997fd565b8823d39f82fa8c7788a85b", "d0c38e46f3903b1533741dfbb981944f4d10c7e273c6d3df8ba5b873ec7ed821", "dd3c60ded429342847acaa695775b8a12aa0e68a21e7de7405c0921ec19bb9e7", "e7edf096e5b0f47505a82e3224c9238305570075a7c1f270abf0762cf8149f47", "e95635e780e83bdcc9b067d3deac612bcabcc9fdb870730cddeddd3f34c90d68"], "ip": "3[.]64[.]163[.]50"}], "mutex": [], "registry": []}, "reports_count": 20}, "Win.Ransomware.Cerber-9980410-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "excessive-udp-connections", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "document-decoy-dropped", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-cerber", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "feed-domain-ransomware", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "decoy-wpfv", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "windows-speech-api", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0040", "T1491"]}, {"bi": "pdf-password-protected", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-deletes-many-files", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "rtf-appended-data", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "rtf-high-entropy", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "enumeration-game-information", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "enumeration-sql-server-information", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "randomly-named-files", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "netbios-query", "hashes": ["85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "http-response-client-error", "hashes": ["85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1"], "mitre_attack_tags": []}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns other file extensions are used.", "hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3", "e2f5f44c357a40d8d6e317a27e65bec5d2f986bf674373a0533363a419858de6"], "iocs": {"domain": [{"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "host": "api[.]blockcypher[.]com"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d"], "host": "bitaps[.]com"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d"], "host": "chain[.]so"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d"], "host": "btc[.]blockr[.]io"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d"], "host": "p27dokhpz2n7nvgr[.]1lseoi[.]top"}, {"hashes": ["1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "host": "hjhqmbxyinislkkt[.]1j9r76[.]top"}], "file": [{"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "path": "%TEMP%\\d19ab989"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "path": "%TEMP%\\d19ab989\\4710.tmp"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "path": "%TEMP%\\d19ab989\\a35f.tmp"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "path": "%LOCALAPPDATA%\\Microsoft\\Office\\Groove1\\System\\CSMIPC.dat"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.bmp"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "path": "<dir>\\_HELP_HELP_HELP_<random, matching '[A-F0-9]{4,8}'>_.hta"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "path": "<dir>\\_HELP_HELP_HELP_<random, matching '[A-F0-9]{4,8}'>_.png"}], "ip": [{"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "ip": "91[.]119[.]216[.]0/27"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "ip": "91[.]120[.]216[.]0/27"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "ip": "91[.]121[.]216[.]0/22"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d"], "ip": "178[.]128[.]255[.]179"}, {"hashes": ["20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d"], "ip": "172[.]66[.]42[.]238"}, {"hashes": ["415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d"], "ip": "104[.]20[.]20[.]251"}, {"hashes": ["1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "ip": "104[.]20[.]21[.]251"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6"], "ip": "172[.]67[.]2[.]88"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba"], "ip": "172[.]66[.]41[.]18"}], "mutex": [{"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}, {"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "name": "Global\\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!16613a8"}], "registry": [{"hashes": ["16ebbbbd2d978523d5a3aab8bd061eb664758aa22450ad965591b0972c1bd1e5", "1fb3c24f7e64a802af37174a49e8fb4a93a65458918552c54c93c5794a852fe2", "20c1fc5368a95da72dcd4260873d0bc3cc5fe7a0a70ead28de3f3925bc27aa32", "2750f0c9766c949e73a28d9be59ec227e476efc81ccbf9a2180c78491324f8b7", "415fec7c4f2787631477a71a585003391201c8a2f25228fe34f7f14da451607d", "4b2fbc99af8bee1e7c8d6dfa31c758a464949b072def63379b54698c2bcb0295", "51720195800c617254987a2cd380dd2917fc286b0e60202798fbf4969012b570", "55375bebf365b8f173a1af478725c273440f5bac83939da9d196a83d564ccf50", "57397ad4a1cd1f70971dab52e5efa14cdc370489e5672e18ee54b71da88d25ca", "5a8bfb98f3025a2cd0b432272f7e611914d4bcbaad861afd55e08e5a26c577ba", "60d04a29b992ed24711d2f240cacc63f34ab48bcf1332ac7b732d3de2edeb26a", "68e66db7f8cb147a6aa5cbc6b3cb7b0ad6a5569f8eabb662bfecddf9b58bdef1", "73a322b14d0adcd35c2b77e6931f58e28edf2d79de499dffe93e411416930c00", "7cc6160a71803a5e7fc8b01c0fed45b049081ddb3aeac9b1db7ae360f2f20af6", "7d844d2401d7065a005fe109510e2263f60a0bbd11072f1c2e97434b033a4f0f", "817f0e050402f396b770b3ab4346e0c7ac067d478ccbe57f88277cb9fa07afcb", "85dfc22a0b450f06b46de29ccef88cab8e4466fa6653bdd3b03f421a0f8ce4da", "8f9a1c56809d5c7dbcdfe6697fafe81038bd2162956eb442c8978b04e7e6f4c9", "974b226b88a378aee906e397da4c8b8e849845cdf01b7a7ef1bdef73b1cb37a6", "9f429762c580897cb4a71271725483d7d75bbb6d0840dbbe323140b31b1d2b0d", "bce7d560358ec4421bd73e2d00259c52866b171181f2a4a12844d4174769b725", "c6e240ea678b1f1b6f3a185fc1407f50de6eb8585579614ca2ce3731bc8070d3", "da3567e0f7c091e1707cbbd7909cfd9fe835fb48dcfb9d1efaaec49ebf5a737d", "daca60c3f4577bc641c1b25f2bfb220649476db0999e81e3d4d7306069a7d6f6", "df4d3ff367a2f4d89d40586b8d44102bf1c3de97ab7ccef18c7f43b4993c1be3"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}]}, "reports_count": 25}, "Win.Ransomware.TeslaCrypt-9980413-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-fast-flux-domain", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "pe-uses-armadillo", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005"]}, {"bi": "enumeration-browser-information", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-dns-category-proxy", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-modified", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-file-in-program-dir", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "modified-file-in-system-dir", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "process-hollowing-detected", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "startup-folder-modification", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "excessive-file-modifications", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "process-check-browser-mail-client-files", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-deletion", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005"]}, {"bi": "wmic-shadowcopy-delete", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-generic-ransomware-notes", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "firefox-prefs-modified", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0009"]}, {"bi": "recycler-file-creation", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "process-read-ie-cookies", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "pe-resource-lang-chinese", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "process-deletes-many-files", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-teslacrypt-31", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "artifact-multiple-extensions", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "process-check-zone-identifier", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "artifact-rss-feeds", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "html-page-not-found", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "html-malicious-page-not-found", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "possible-privilege-escalation-detected", "hashes": ["9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530"], "mitre_attack_tags": ["TA0004", "T1068"]}, {"bi": "network-snort-sensitive-data", "hashes": ["66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "http-response-redirect", "hashes": ["ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "mitre_attack_tags": []}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "TeslaCrypt is a well-known ransomware family that encrypts a user's files with strong encryption and demands Bitcoin in exchange for a file decryption service. A flaw in the encryption algorithm was discovered that allowed files to be decrypted without paying the ransomware, and eventually, the malware developers released the master key allowing all encrypted files to be recovered easily.", "hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "iocs": {"domain": [{"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "host": "ikstrade[.]co[.]kr"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "host": "lutheranph[.]com"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "host": "salesandmarketing101[.]net"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "host": "salaeigroup[.]com"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "host": "dustywinslow[.]com"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "host": "lovemydress[.]pl"}], "file": [{"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\lv.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mk.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mn.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mng.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mng2.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mr.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ms.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\nb.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ne.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\nl.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\nn.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\pa-in.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\pl.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ps.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\pt-br.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\pt.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ro.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ru.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sa.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\si.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sk.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sl.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sq.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sr-spc.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sr-spl.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sv.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ta.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\th.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\tr.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\tt.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ug.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\uk.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\uz.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\va.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\vi.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\yo.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\zh-cn.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\Lang\\zh-tw.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\License.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\7-Zip\\readme.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\CodePointIM\\src.zip"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\FileChooserDemo\\README.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\FileChooserDemo\\src.zip"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\Metalworks\\README.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\Metalworks\\src.zip"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\Notepad\\README.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\Notepad\\src.zip"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\SampleTree\\README.txt"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\SampleTree\\src.zip"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\TableExample\\README.txt"}], "ip": [{"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "ip": "110[.]45[.]144[.]173"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "ip": "50[.]87[.]147[.]73"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "ip": "35[.]205[.]61[.]67"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "ip": "2[.]57[.]138[.]47"}, {"hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e"], "ip": "3[.]33[.]152[.]147"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "ip": "15[.]197[.]142[.]173"}], "mutex": [{"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "name": "ityeofm9234-23423"}], "registry": [{"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLinkedConnections"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "key": "<HKCU>\\SOFTWARE\\XXXSYS", "value_name": null}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "key": "<HKCU>\\SOFTWARE\\XXXSYS", "value_name": "ID"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": null}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10", "1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47", "324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594", "5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a", "66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d", "7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530", "9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8", "a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae", "ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8", "cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7", "d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915", "e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e", "ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f", "ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584", "fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": "data"}, {"hashes": ["5063d5e6f90dbb6e360259ac24c11c62b1439f90966bdc72dedf60e243b9e87a", "521294a88093ea2b7a2b89ec3005b6398f20780874d410663b63429e58b1555a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "nljubyedlnab"}, {"hashes": ["1b25c660f2dbb2be0ba596bb2697f486b92a961bba24226aeb82d8f0ac2f8d47"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tdwkvyomimyb"}, {"hashes": ["152d8dfacdec0ebe7008b0ec41f110111209a69bda12c7e011ea824544479e10"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hrajdeafhsjv"}, {"hashes": ["ee10b9a36e59990b0a49cf0044f2f23f4fc0e9f7b56057d74c96d99b0736a584"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "deafhsjvbsfl"}, {"hashes": ["d27df86a574f9e5e3f6b0a6ffd180da3c8d46e3ee94ea65eff4d1e782be9a915"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "lbkguwsbtylb"}, {"hashes": ["ea3d4eae7eea6f718c8d6999c847f81d046d5a2800f90db40a12c1b2788d630f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fkrqlfvsauct"}, {"hashes": ["9c4498d0ed0c9941d61fed83e91942b40ac298b12acfccaeb9d84526103ff4c8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hexececgsnlj"}, {"hashes": ["cd07e3707ed997f08cea9f73113be57561dd3d6286310fd096904deb8fc465c7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rbdybcshwwth"}, {"hashes": ["ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fjklmqygvwoa"}, {"hashes": ["fa22998a51ea7dbbd88a0e1d1c11e88e1c0a801125d2e330348323987d00ccaa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "krqlfvsauctw"}, {"hashes": ["7dc78a81de59dc3f666c25c6d10ae730b50d6d2ee341088371f92f137a938530"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xvblbkguwsbt"}, {"hashes": ["a4cecd9cad126bbb98545d8bdb471fd1971187945eb71e5ccb873e90a84ee7ae"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hqijwghjvpgt"}, {"hashes": ["66e3b4babf44c3168e1524e84dafd4f19bbfd25feff600422f18553c0dc9c75d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "veeqiqypcbef"}, {"hashes": ["e302839fbcbdc6da9e8235013a8abce6425eba48eaf4dac3390360334ebe756e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "croscewyhlyq"}, {"hashes": ["324b40debcda6f4b9795a3880ff35b56a92d865abb7c3525f6b40e28c52d9594"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "qiqypcbefwpf"}]}, "reports_count": 16}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2022-12-16T14:34:06+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.Lokibot-9980537-1", "Win.Packed.Upatre-9980519-1", "Win.Dropper.Gh0stRAT-9980455-1", "Win.Dropper.njRAT-9980427-0", "Win.Ransomware.TeslaCrypt-9980413-0", "Win.Ransomware.Cerber-9980410-0", "Win.Dropper.Nanocore-9980555-0", "Win.Dropper.HawkEye-9980407-0"]}