{"Win.Dropper.Bifrost-9982192-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "pe-section-name-contains-whitespace", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-modified", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-flagged-vm", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-tls-callback", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-shared", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "decoy-wpfv", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "hook-installed", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-section-execute-writable", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-file-in-system-dir", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-requested-softice", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-uses-armadillo", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "listening-port-opened", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "dns-dynamic-domain", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "files-deleted-used-batch", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cmd-misleading-extension-execution", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-disablesuac", "hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14"], "mitre_attack_tags": ["TA0005", "TA0004", "T1548", "T1562"]}, {"bi": "malware-turkojan-mutex-detected", "hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "net-service-stop", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "registry-service-type-modified", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "registry-disable-windefender", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-flagged-sandbox", "hashes": ["efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "artifact-vm-detect", "hashes": ["efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "mitre_attack_tags": []}, {"bi": "embedded-pe-resource2", "hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-empty", "hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14"], "mitre_attack_tags": []}, {"bi": "pe-vb-imports-toolhelp", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "artifact-av-detect", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "pe-packed-asprotect", "hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-with-multiple-children", "hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e"], "mitre_attack_tags": []}, {"bi": "malware-svchost-misspell", "hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "malware-misspell-binary", "hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "pe-uses-autoit", "hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "unsigned-roaming-execution", "hashes": ["2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "url-not-found", "hashes": ["6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-resource-lang-arabic", "hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-romanian", "hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "mitre_attack_tags": []}, {"bi": "keylogger-ardamax-mutex", "hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "mitre_attack_tags": []}, {"bi": "network-private-ip-address", "hashes": ["b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "mitre_attack_tags": ["TA0007", "T1016"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named \"Bif1234,\" or \"Tr0gBot.\"", "hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa", "43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb", "bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea", "e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd", "efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb"], "iocs": {"domain": [{"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14"], "host": "jrpg30[.]no-ip[.]biz"}, {"hashes": ["7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "host": "vasadosvandalo[.]no-ip[.]org"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e"], "host": "www[.]icq[.]com"}, {"hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "host": "racker[.]no-ip[.]org"}, {"hashes": ["2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "host": "jrpg30[.]no-ip[.]org"}, {"hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "host": "racker[.]no-ip[.]org2"}, {"hashes": ["2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "host": "jrpg30[.]no-ip[.]org2"}, {"hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba"], "host": "tallmaster[.]no-ip[.]org"}, {"hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba"], "host": "tallmaster[.]no-ip[.]org2"}], "file": [{"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%SystemRoot%\\services.exe"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%System16%\\sservice.exe"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%SystemRoot%\\SysWOW64\\fservice.exe"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%SystemRoot%\\SysWOW64\\winkey.dll"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%SystemRoot%\\SysWOW64\\reginv.dll"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "path": "%SystemRoot%\\cmsetac.dll"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "path": "%SystemRoot%\\ntdtcstp.dll"}, {"hashes": ["288990debffcd3adb7af4e84c86f83e49f1c3726b95f61bf84fded46fbd74a77", "3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa"], "path": "%APPDATA%\\addon.dat"}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "path": "%SystemRoot%\\mstwain32.exe"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14"], "path": "%SystemRoot%\\tkjn.exe"}, {"hashes": ["2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f"], "path": "%APPDATA%\\8570673.exe"}, {"hashes": ["2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "path": "%TEMP%\\njq6086.tmp"}, {"hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "path": "%TEMP%\\Kill1.exe"}, {"hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "path": "%TEMP%\\Kill2.exe"}, {"hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "path": "%SystemRoot%\\3790487.exe.bat"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e"], "path": "%TEMP%\\1878931.exe"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e"], "path": "%TEMP%\\7582623.jpg"}, {"hashes": ["2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "path": "%TEMP%\\gjq6344.tmp"}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "path": "%TEMP%\\PROGRAMA iTouch.exe"}, {"hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "path": "%SystemRoot%\\1068842.jpg"}, {"hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "path": "%SystemRoot%\\3790487.exe"}, {"hashes": ["4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc"], "path": "%SystemRoot%\\7981640.exe"}, {"hashes": ["2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "path": "%TEMP%\\6118084.jpg"}, {"hashes": ["2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "path": "%TEMP%\\6221277.exe"}, {"hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "path": "%SystemRoot%\\SysWOW64\\FGOIKG\\AKV.exe"}, {"hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "path": "%SystemRoot%\\SysWOW64\\FGOIKG\\ELN.001"}, {"hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "path": "%SystemRoot%\\SysWOW64\\FGOIKG\\ELN.002"}, {"hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "path": "%SystemRoot%\\SysWOW64\\FGOIKG\\ELN.004"}, {"hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "path": "%SystemRoot%\\SysWOW64\\FGOIKG\\ELN.exe"}, {"hashes": ["69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14"], "path": "%TEMP%\\2852137.exe"}, {"hashes": ["69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14"], "path": "%TEMP%\\6225506.jpg"}, {"hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "path": "%TEMP%\\2940027.jpg"}, {"hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "path": "%TEMP%\\5961834.exe"}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "path": "%TEMP%\\iTouch.exe"}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "path": "%TEMP%\\jpgxp.ico"}, {"hashes": ["6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8"], "path": "%TEMP%\\1415674.mp3"}, {"hashes": ["6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8"], "path": "%TEMP%\\4597393.exe"}, {"hashes": ["b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%SystemRoot%\\winservices.exe"}, {"hashes": ["b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%TEMP%\\3343318.exe"}, {"hashes": ["b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%TEMP%\\5113901.exe"}, {"hashes": ["b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%TEMP%\\6008984.exe"}, {"hashes": ["b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%TEMP%\\8393060.exe"}, {"hashes": ["b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "path": "%TEMP%\\9708455.exe"}, {"hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba"], "path": "%TEMP%\\2379267.exe.bat"}, {"hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba"], "path": "%TEMP%\\2379267.exe"}, {"hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba"], "path": "%TEMP%\\5925366.jpg"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2"], "path": "%TEMP%\\4749218.jpg"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2"], "path": "%TEMP%\\8812982.exe"}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "path": "%TEMP%\\1299402.exe"}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "path": "%TEMP%\\883710.exe"}], "ip": [{"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e"], "ip": "178[.]237[.]20[.]14"}, {"hashes": ["6b11b23dbbc86681e47b0aa7e8406d7782e790ee187020e46762312c4cc8b9a8"], "ip": "23[.]222[.]236[.]33"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e"], "ip": "24[.]201[.]72[.]161"}], "mutex": [{"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "name": "ASPLOG"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "name": "DENEK"}, {"hashes": ["2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea"], "name": "_x_X_BLOCKMOUSE_X_x_"}, {"hashes": ["2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea"], "name": "_x_X_PASSWORDLIST_X_x_"}, {"hashes": ["2e3cbe941ab655a6d3ea57382028a75794ebd7895dfaba49ac3aad78921f172f", "c4736cc96c32c48fb86a39d47b5732dc3171f71c0d48033cb1d4c9e62f0b08ea"], "name": "_x_X_UPDATE_X_x_"}, {"hashes": ["efc1da346ba66ebd0defb0be5cda235c16116b24778ad2ec386de715bec0bcdb"], "name": "Administrator5"}, {"hashes": ["3c39945e576bdfe9a878b8543c925bbd48f03a778c4f4aabb50362aff6340bfa"], "name": "Bif123"}, {"hashes": ["bf95dc1c0b1b6c234eb8eac2a967c38adbf28bf9aa22558aff970fc92def0813"], "name": "Local\\{D45184B2-D44D-4D99-931B-B84626BC5EF2}"}, {"hashes": ["5d3988d3e1f179c521916b9cab44bf663dacf9a4eb54065475f7619a89a85160"], "name": "Global\\71448401-8e57-11ed-9660-001517baa3de"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c072227468"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c072227490"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c0722274A4"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c0722274CC"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c07222758C"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c0722276DC"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c072227710"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c072227750"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c072227828"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c0722278B0"}, {"hashes": ["e9bf3013a7a3985eb4c658e8973147c70770e96edb70b12faa77ea469312d0bd"], "name": "2AC1A572DB6944B0A65C38C4140AF2F45c073D96134"}, {"hashes": ["2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90"], "name": "Global\\7970dca1-8e57-11ed-9660-001517f0cb6e"}, {"hashes": ["b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "name": "Global\\8aa08521-8e57-11ed-9660-001517ec5612"}, {"hashes": ["48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba"], "name": "Global\\82b4eea1-8e57-11ed-9660-001517d6ab3f"}], "registry": [{"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "Bulas"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "FW_KILL"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "XP_FW_Disable"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "XP_SYS_Recovery"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "Online_List"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "Port"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "LanNotifie"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "DirectX For Microsoft\u00ae Windows"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5Y99AE78-58TT-11DW-BE53-Y67078979Y}", "value_name": "StubPath"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Shell"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "Tport"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "ServerVersionInt"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "Mail"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "KSil"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "ICQ_UIN2"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST", "value_name": null}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG", "value_name": null}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": null}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5Y99AE78-58TT-11DW-BE53-Y67078979Y}", "value_name": null}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "4ce9d9c4d2bb24b5e1f2c7429f2fcd04096ee3038cf7bf3f1ec33d040a4e37fc", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT SCRIPT HOST\\MICROSOFT DXDIAG\\WINSETTINGS", "value_name": "Hata"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "69780d868e9beee05b3070af2dfc55e953ecde1d826aef0ec27cbbe8ca32ef14", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Start"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Type"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Type"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "ErrorControl"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "DisplayName"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "DependOnService"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "DependOnGroup"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Group"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Tag"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "ErrorControl"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "DisplayName"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "DependOnService"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "DependOnGroup"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Group"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "2580b7e5ab9ca31e8dd146f1e5e3bde58287794e4c876ae6e74ab2b93f38fc90", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Tag"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SRSERVICE", "value_name": "Start"}, {"hashes": ["16d1317d954506fb689c594e0dbea407c5d224882d02ee9c97944ecaf2aa815e", "48e01c9d590f702876d78f5c7eb7c6d1473174c062e34aafd496fbccfff530ba", "b780a6616b56776be514c74c969be3c2b51acd03b81f3ace8d666d5d4b0d1feb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SRSERVICE", "value_name": null}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7", "7deb18fe91d5c043b06f0d7cb3894176b8eaf26b76f3cec14aae17bd91facb8a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mstwain32"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\VSSAPIPUBLISHER", "value_name": null}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\SPP", "value_name": "SppGetSnapshots (Enter)"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\SPP", "value_name": "SppGetSnapshots (Leave)"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\SPP", "value_name": "SppEnumGroups (Enter)"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2", "78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\SPP", "value_name": "SppEnumGroups (Leave)"}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "key": "<HKCU>\\SOFTWARE\\TRINGI\\LIQUID CLICK DELIGHT", "value_name": "setup::speed"}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "key": "<HKCU>\\SOFTWARE\\TRINGI\\LIQUID CLICK DELIGHT", "value_name": "setup::circles"}, {"hashes": ["78684bb61de2e43084294d8e38974d3e5150174fe5f0282c40ef701d5d621ab7"], "key": "<HKCU>\\SOFTWARE\\TRINGI\\LIQUID CLICK DELIGHT", "value_name": "setup::peek"}, {"hashes": ["43931b0b9523f9f80e6846838495bfcdfac29b4ad4f47e24032ac02c1d0158f2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tkjn32"}]}, "reports_count": 18}, "Win.Dropper.Lokibot-9982061-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "startup-folder-modification", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "windows-executable-copied-renamed", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "startup-folder-vbs-file", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-uses-autoit", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-suspicious-au3", "hashes": ["64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-hollowing-detected", "hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "iocs": {"domain": [{"hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "host": "shopper[.]bulutlogistic[.]com"}], "file": [{"hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "path": "%APPDATA%\\D282E1\\1E80C5.exe"}, {"hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DeviceProperties.vbs"}, {"hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "path": "%HOMEPATH%\\AppVClient"}, {"hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "path": "%HOMEPATH%\\AppVClient\\MuiUnattend.exe"}], "ip": [], "mutex": [{"hashes": ["1e89d325c93e38db0a565868ab614d7cd834336b1385456c646be0e9082eba51", "2b9fe265fe13c3f83371491ed5f17d80f9ff56ea693aaa8bffd0c494b2194a87", "3400c14435d905a3053958cfa6329fc846c0345d6f623f9bca68afd2aa9dfa16", "3471c7ad3727186cabbc29315177bdec9cfebd0f5874a86c94794d192562d075", "37d3eb83bc8face3956940c9a614dc9cd09cdbd6137537b7fe285609d9dba5ab", "586e4e5052d9a3c243f0b73cd116cbe61ff25569e453bd34ebf8c4c7b3851370", "5cb7c2337aac3d6ba40b178a0fd12755ac352eeef55932e4abd4d359024dcf81", "64577faad43b9e75499813d472e67e7bd397abee0eb98d1c1c1799de5bba5c14", "686a5b923eddca1c0de89c38e4fdf7919ff109e20b151a2fca5211b3e28950aa", "6fe381048c428320914ba87e73dcb6616c791175418cbcd3750c40aa26f575a7", "997d88ee6e82e2f2361080b0e2c2f33772041202775f39f25ad12ba9076f6bc8", "9df9f730ddf3ecc6268409cacf8c681f228c627ff3d2a0aa88ae28baae14ba4d", "9eb070abc0b299340d3005a2d2ed06c1da77868df0aaa665729dc5038d066c19", "b6372ea27cd357aefd5b8a59b5c68004c98420d4abfbce1887dae155f388fa48", "bc5d9e9a011c1dfec940cc15e7b8675955c84859d91849a71f75e47a48ffd5e9", "c7afef75dd4a83591cdfe132485a77b1a92e03175bf3dcac321957dd7dfc933f"], "name": "3749282D282E1E80C56CAE5A"}], "registry": []}, "reports_count": 16}, "Win.Dropper.Remcos-9982549-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "8ea21f50c905a9dc0d76f2548961deb079607ee8af7bf8d1c54bc3bf2e794cc8", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "df05fa9eb29122af6c45f533a41fbd33d22500c1107d2d3a8b368fa8f68a11e4", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "2c1d66b0c4fab913bdbf03ddd3531a42963ac9ab30786ba67b25bca9bf703e95", "32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef", "570532881997d16da4d18b37254530c7b501d4d91569d378234e636b1bfa3cf5", "2dbedfaf6e8b284906dc6545d481179baecde8b6e9e45dde980a0f2867288978", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a", "73cdc18ea1c2aa331faa0ba95fa505b4cd5e53f8229cff6aa9811f19099b84ef", "2a32b8c6cbdb61fd362baeab2cb9aa210dc51c6880656c14b9b36c50766582d2", "801b7cf336dc0f2d9dc8230f512482953f8286675a996416087edeb5cf005883"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "8ea21f50c905a9dc0d76f2548961deb079607ee8af7bf8d1c54bc3bf2e794cc8", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "df05fa9eb29122af6c45f533a41fbd33d22500c1107d2d3a8b368fa8f68a11e4", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "2c1d66b0c4fab913bdbf03ddd3531a42963ac9ab30786ba67b25bca9bf703e95", "32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef", "570532881997d16da4d18b37254530c7b501d4d91569d378234e636b1bfa3cf5", "2dbedfaf6e8b284906dc6545d481179baecde8b6e9e45dde980a0f2867288978", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a", "73cdc18ea1c2aa331faa0ba95fa505b4cd5e53f8229cff6aa9811f19099b84ef", "2a32b8c6cbdb61fd362baeab2cb9aa210dc51c6880656c14b9b36c50766582d2", "801b7cf336dc0f2d9dc8230f512482953f8286675a996416087edeb5cf005883"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "8ea21f50c905a9dc0d76f2548961deb079607ee8af7bf8d1c54bc3bf2e794cc8", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "df05fa9eb29122af6c45f533a41fbd33d22500c1107d2d3a8b368fa8f68a11e4", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "2c1d66b0c4fab913bdbf03ddd3531a42963ac9ab30786ba67b25bca9bf703e95", "32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef", "570532881997d16da4d18b37254530c7b501d4d91569d378234e636b1bfa3cf5", "2dbedfaf6e8b284906dc6545d481179baecde8b6e9e45dde980a0f2867288978", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a", "73cdc18ea1c2aa331faa0ba95fa505b4cd5e53f8229cff6aa9811f19099b84ef", "2a32b8c6cbdb61fd362baeab2cb9aa210dc51c6880656c14b9b36c50766582d2", "801b7cf336dc0f2d9dc8230f512482953f8286675a996416087edeb5cf005883"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "8ea21f50c905a9dc0d76f2548961deb079607ee8af7bf8d1c54bc3bf2e794cc8", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "df05fa9eb29122af6c45f533a41fbd33d22500c1107d2d3a8b368fa8f68a11e4", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "2c1d66b0c4fab913bdbf03ddd3531a42963ac9ab30786ba67b25bca9bf703e95", "32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef", "570532881997d16da4d18b37254530c7b501d4d91569d378234e636b1bfa3cf5", "2dbedfaf6e8b284906dc6545d481179baecde8b6e9e45dde980a0f2867288978", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a", "73cdc18ea1c2aa331faa0ba95fa505b4cd5e53f8229cff6aa9811f19099b84ef", "2a32b8c6cbdb61fd362baeab2cb9aa210dc51c6880656c14b9b36c50766582d2", "801b7cf336dc0f2d9dc8230f512482953f8286675a996416087edeb5cf005883"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "8ea21f50c905a9dc0d76f2548961deb079607ee8af7bf8d1c54bc3bf2e794cc8", "4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "df05fa9eb29122af6c45f533a41fbd33d22500c1107d2d3a8b368fa8f68a11e4", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "2c1d66b0c4fab913bdbf03ddd3531a42963ac9ab30786ba67b25bca9bf703e95", "32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef", "570532881997d16da4d18b37254530c7b501d4d91569d378234e636b1bfa3cf5", "2dbedfaf6e8b284906dc6545d481179baecde8b6e9e45dde980a0f2867288978", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a", "73cdc18ea1c2aa331faa0ba95fa505b4cd5e53f8229cff6aa9811f19099b84ef", "2a32b8c6cbdb61fd362baeab2cb9aa210dc51c6880656c14b9b36c50766582d2", "801b7cf336dc0f2d9dc8230f512482953f8286675a996416087edeb5cf005883"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-imports-toolhelp", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-opendns-malicious", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": ["TA0005"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "compound-vb-self-delete", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-batch", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-fareit-file-activity", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "registry-created-user", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-generic-infostealer", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "created-executable-sample-appdata", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "unsigned-roaming-execution", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-fast-flux-domain", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "mitre_attack_tags": []}, {"bi": "process-windows-script-launched", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "hook-installed", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "network-dns-category-dynamic", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": []}, {"bi": "malware-remcos-mutex", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": []}, {"bi": "malware-remcos-path", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "malware-azorult-mutex-detected", "hashes": ["4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-sample-duplication", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "modified-file-on-usb", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "startup-folder-modification", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "file-ini-modified", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": []}, {"bi": "recycler-file-creation", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": []}, {"bi": "recycler-exe-artifact", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-ransomware-phobos-mutex", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": []}, {"bi": "recycler-exe-creation", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-deletes-many-files", "hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "nginx-webserver-detected", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-dns-malicious-snort", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-snort-malware", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "files-created-vbs", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "http-response-redirect", "hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "files-deleted-used-vbs", "hashes": ["0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "mitre_attack_tags": ["TA0005"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "malware-trojan-revengerat-mutex-detected", "hashes": ["32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066", "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714", "1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0", "2a32b8c6cbdb61fd362baeab2cb9aa210dc51c6880656c14b9b36c50766582d2", "2c1d66b0c4fab913bdbf03ddd3531a42963ac9ab30786ba67b25bca9bf703e95", "2dbedfaf6e8b284906dc6545d481179baecde8b6e9e45dde980a0f2867288978", "32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef", "3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57", "4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "570532881997d16da4d18b37254530c7b501d4d91569d378234e636b1bfa3cf5", "6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3", "73cdc18ea1c2aa331faa0ba95fa505b4cd5e53f8229cff6aa9811f19099b84ef", "801b7cf336dc0f2d9dc8230f512482953f8286675a996416087edeb5cf005883", "8ea21f50c905a9dc0d76f2548961deb079607ee8af7bf8d1c54bc3bf2e794cc8", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "df05fa9eb29122af6c45f533a41fbd33d22500c1107d2d3a8b368fa8f68a11e4", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae"], "iocs": {"domain": [{"hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae"], "host": "onlygoodam[.]com"}, {"hashes": ["0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "host": "adiill0053[.]ddns[.]net"}, {"hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "host": "manerck[.]com"}, {"hashes": ["4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194"], "host": "fuckusa[.]info"}, {"hashes": ["a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a"], "host": "werfcdxv[.]ru"}, {"hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "host": "maccfund[.]duckdns[.]org"}], "file": [{"hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae"], "path": "%TEMP%\\-<random, matching '[0-9]{9}'>.bat"}, {"hashes": ["1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0", "3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57"], "path": "%APPDATA%\\Install\\Host.exe"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\desktop.ini.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I62TWBD.ppt.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I6FGW9N.exe.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I6FZORX.doc.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IABMX83.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IAJ2Y6R.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IALGTCS.xlsx.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IAPSNOM.tsv.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IGORSF7.xsn.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IGTBBSA.accdb.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IH49RPF.ppt.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IH71GGR.ppt.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IJKODPH.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IJP965K.accdb.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IKY5R3M.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IMYCSIT.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ISLP722.doc.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IXLC77A.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IXUL2U1.doc.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IYSR1FU.ppt.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IZ2GMJW.XLSX.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R08BO8F.xlsx.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R11KHR4.doc.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R5QKHLN.doc.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R62TWBD.ppt.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R6FGW9N.exe.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R6FZORX.doc.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RABMX83.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RAJ2Y6R.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RALGTCS.xlsx.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RAPSNOM.tsv.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RGORSF7.xsn.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RGTBBSA.accdb.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RH49RPF.ppt.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RJKODPH.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RJP965K.accdb.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RKY5R3M.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RMYCSIT.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RSLP722.doc.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RXLC77A.pdf.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RXUL2U1.doc.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RYSR1FU.ppt.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RZ2GMJW.XLSX.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "%LOCALAPPDATA%\\106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714.exe"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "%ProgramData%\\microsoft\\windows\\start menu\\programs\\startup\\106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714.exe"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "path": "%APPDATA%\\microsoft\\windows\\start menu\\programs\\startup\\106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714.exe"}, {"hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "path": "%HOMEPATH%\\subfolder\\asdfg.exe"}, {"hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "path": "%HOMEPATH%\\subfolder\\asdfg.vbs"}], "ip": [{"hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae"], "ip": "38[.]26[.]191[.]78"}, {"hashes": ["1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "ip": "79[.]134[.]225[.]120"}, {"hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57"], "ip": "185[.]165[.]153[.]221"}, {"hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "ip": "35[.]205[.]61[.]67"}, {"hashes": ["32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef"], "ip": "185[.]165[.]153[.]29"}, {"hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "ip": "172[.]82[.]128[.]240"}], "mutex": [{"hashes": ["1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0", "3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57"], "name": "-"}, {"hashes": ["4002487bcf5cc47ef93f8c28d48317df97a3ace3d956e4eb7eab11e5b732b194", "a1d387233338d48539c3e00ac93eb7c527078ff14c3d14d5010a4c54a1a7e33a"], "name": "A16467FA7-343A2EC6-F2351354-B9A74ACF-1DC8406A"}, {"hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["32a994ef75ffd4d823dbc85c190ed550194069ae7bce1e27828787979163ebef"], "name": "RV_MUTEX"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "name": "Global\\<<BID>>98B68E3C00000000"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "name": "Global\\<<BID>>98B68E3C00000001"}, {"hashes": ["0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "name": "hpsupporta-PTVD52"}, {"hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "name": "Remcos-7AHD4U"}], "registry": [{"hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["4cc637037c1f83181100f96402f254ce2bda39883588abf568a8d5bad2f4314e", "b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a", "b748ff3fcf567b0d53fe1feeede4f88168427e38b8473bcc03264ac8e0c86721", "da0bd85734cdbcd85debc29e899728fe67995b62b10c3d433246cbf85006cd82", "e08b7135304c934b96d5fa6ec1a73f94bbb45e77558caee1b937c3b7d048baae"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "windows"}, {"hashes": ["1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{L501JP3X-C6PC-RH36-475X-RS2C2OQHHGS0}", "value_name": "StubPath"}, {"hashes": ["0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hpsupportdf"}, {"hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "windows1"}, {"hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{256C14W2-4307-17L5-O833-2WK3KRN38HN2}", "value_name": "StubPath"}, {"hashes": ["3ee249d38bcd7508c2312dcee9bf12168acfb0cb28065d51b4de0a5cd7699b57"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{256C14W2-4307-17L5-O833-2WK3KRN38HN2}", "value_name": null}, {"hashes": ["0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "key": "<HKCU>\\SOFTWARE\\HPSUPPORTA-PTVD52", "value_name": null}, {"hashes": ["0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "key": "<HKCU>\\SOFTWARE\\HPSUPPORTA-PTVD52", "value_name": "exepath"}, {"hashes": ["0350cbfc4ff5a579a459d6ceff060d5d157d30f20fb451a94d82166631f18066"], "key": "<HKCU>\\SOFTWARE\\HPSUPPORTA-PTVD52", "value_name": "licence"}, {"hashes": ["1e8ae5b358c8fcddc3e25758e2f49cb2b04ad661376022d9aaaa1aaecfb663c0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{L501JP3X-C6PC-RH36-475X-RS2C2OQHHGS0}", "value_name": null}, {"hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "key": "<HKCU>\\SOFTWARE\\REMCOS-7AHD4U", "value_name": null}, {"hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "key": "<HKCU>\\SOFTWARE\\REMCOS-7AHD4U", "value_name": "exepath"}, {"hashes": ["6b41117c6e33165b8ec66a7d30160c7f064f30bbf6bd21f117c7f016d5a0bad3"], "key": "<HKCU>\\SOFTWARE\\REMCOS-7AHD4U", "value_name": "licence"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"}, {"hashes": ["106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "106f1d501242121b596cc520a89f0523397ced37435e8d4d81a5d57cc1f03714"}, {"hashes": ["b267b1e0b3c64b88c9aa3b76b0ae2554612cc825490c7c34548be40ad77cb45a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Registry Key Name"}]}, "reports_count": 21}, "Win.Dropper.Shiz-9982208-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["20fbca4e9d517b65d9ad39542de43f4ecf80d3f653f8d4748307dac7f4236fa2", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["20fbca4e9d517b65d9ad39542de43f4ecf80d3f653f8d4748307dac7f4236fa2", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["20fbca4e9d517b65d9ad39542de43f4ecf80d3f653f8d4748307dac7f4236fa2", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "pe-uses-fasm", "hashes": ["20fbca4e9d517b65d9ad39542de43f4ecf80d3f653f8d4748307dac7f4236fa2", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["20fbca4e9d517b65d9ad39542de43f4ecf80d3f653f8d4748307dac7f4236fa2", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-uploaded", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "pe-imports-toolhelp", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "html-redirect", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "malware-shiz-mutex-detected", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-excessive-javascript-function-declaration", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "http-response-server-error", "hashes": ["336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c"], "mitre_attack_tags": []}, {"bi": "pe-header-subsystem", "hashes": ["20fbca4e9d517b65d9ad39542de43f4ecf80d3f653f8d4748307dac7f4236fa2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219"], "mitre_attack_tags": ["TA0011"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.", "hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "20fbca4e9d517b65d9ad39542de43f4ecf80d3f653f8d4748307dac7f4236fa2", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0", "e4e09525da07d3c5a39952ec4e50f13f63010105e227d54861001e2b5e3bb8bd", "f84a3b99de964f17803cf9eb7e76d2979a6c47a61cb8b2b9de584cd7e8b95b1c", "fef1db542533eee656b19379a86934b9ddbb215e3fc5db620ae8bf39c7d250e9"], "iocs": {"domain": [{"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "purijygirem[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "dimasyhageh[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "ciqofymosip[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "vonerymekix[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "novubymyvip[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "fobyqyhezem[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "gacucuhumeg[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "maxilumiriz[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "jelojujopen[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "qekafuqafit[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "ryhyruqeliz[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "kejepujajeg[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "tufibiqunit[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "lygumujycen[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "xudoxijiwef[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "pupoliqotul[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "citahikodab[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "direfiwahur[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "vowypikelaf[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "foqurowyxul[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "nomimokubab[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "mavaxokitad[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "rylupalyxad[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "jecekorosuk[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "qexeholagav[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "cilicofahev[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "vojajofyced[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "dikolobeliw[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "fogefobunik[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "gadurabotiw[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "nofypafiqev[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "jepobanagij[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "masimafoded[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "ryqehegubes[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "qetoxagekec[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "keralanyxiq[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "lymyfenumij[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "xubirenosiq[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "tunupegirec[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "puvomegagep[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "cicavemejih[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "dixexehyzex[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "fokyhyhumap[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "volekymyvum[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "nojudymiwuh[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "gahipyhopax[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "magowymafum[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "jefamyjejat[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "qedevuqelug[.]eu"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "host": "rytukuqunun[.]eu"}], "file": [{"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "path": "%TEMP%\\<random, matching [A-F0-9]{1,4}>.tmp"}], "ip": [{"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "ip": "85[.]94[.]194[.]169"}, {"hashes": ["06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7"], "ip": "45[.]33[.]18[.]44"}, {"hashes": ["150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "ip": "198[.]58[.]118[.]167"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847"], "ip": "45[.]33[.]20[.]235"}, {"hashes": ["4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "ip": "45[.]79[.]19[.]196"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7"], "ip": "45[.]33[.]2[.]79"}, {"hashes": ["06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f"], "ip": "45[.]56[.]79[.]23"}, {"hashes": ["220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369"], "ip": "72[.]14[.]185[.]43"}, {"hashes": ["9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6"], "ip": "96[.]126[.]123[.]244"}, {"hashes": ["783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f"], "ip": "45[.]33[.]23[.]183"}, {"hashes": ["c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369"], "ip": "173[.]255[.]194[.]134"}, {"hashes": ["550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68"], "ip": "72[.]14[.]178[.]174"}, {"hashes": ["550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc"], "ip": "45[.]33[.]30[.]197"}], "mutex": [{"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "name": "Global\\674972E3a"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "name": "Global\\MicrosoftSysenterGate7"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "name": "internal_wutex_0x000004b4"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "name": "internal_wutex_0x0000043c"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "name": "internal_wutex_0x000004dc"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "name": "internal_wutex_0x<random, matching [0-9a-f]{8}>"}], "registry": [{"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT", "value_name": "67497551a"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "98b68e3c"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "userinit"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "System"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "load"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "run"}, {"hashes": ["00a9f6bb07a133aff93fa5dfd009477e886e2da2fd0a6d41b19deb29e737c950", "06557ec3ed23a8540bbdf30feac70d64fdf50197ed543655bc86d9dc4ae40ca3", "150cd980f70b0ac30026ddc11726030e437e8d99f30526190d4647680ccdd8fa", "220c7b4e4ef91905ceab6f77684a404e73721eb23f32ffd650718ca9ddbfd219", "29fcea73b54b4a26583411eafc5ce2903b75111f530d9fb7abfac6ce01f69791", "336a303772ffa2db341afaa7b40557f9d8c7a32736cb13b9fc13ae1b9d13bdee", "4b0bd0dde73c84997a8421ebf0dd74ce9dafd6d7d366570bf7a516c5bc3cb4fa", "550c821409c3bc9b07552887050f73bdc2c4ee233caddd02966d6253acba38bc", "61ca67775b8fc5cdc5c29c93a58f7512c968a0d86dcd39bd5fcd90721f7ba28c", "783104d529b570eb73f9bc076c34c5ce762350481b1d402a70682a2e5a5a8289", "7bc6edc2bbefcda6773e9971aca8737157b052155ca1b2fa3fb2f77e0c66da78", "7bfd263a852f1ab102a73d13d291322ca36dc183093a713b07444fa93505439c", "7eef302158941c1bb82f0c4e04c2fd0e00c2c4cb3a726ddcfb44dbf928184a60", "800b61f1ab3fb1ec621d010899c02dc385ff7aaeae1917156177d4b62542a80a", "8c1b70702257d0bb944164fb0d1dd632052f97b372158eb8345886ebfee25e2f", "8f3a4f0679fb402e18f36fbf1ca9af09c3ba1065867aa3d66c833e71e5096a68", "9ffccfa726c8f8dc8d5a907489613330c3835b8f72b526880edfe45c39701c32", "a3bf9835a71f576caecdee29e6a88eda042df5329f14eeb9bf1ab0efe4e384c6", "bbf195d48481ce62a1d2365dc61f7659dfe954fcd2632c4fee8e62658955e847", "bdc1cccd3799eef17fa58cabdee058b21633c275e78e79cf3ceddd744df9186f", "c295e1b17806f7c4fa05969f3d35774e47b728be43efb9d88a6fcfb0d5738adc", "cc1aa7098b94c80c1cbed4629cfaa0ae0f782521d090bc294a2710b92db322a7", "cef4bbf70da8f02d496dcd38a64e5a08aaa92561c7df6319efb1e86701257369", "e03728e63ab6fcdf97ce09d26804de5dd939463d73659dcd9fa882dd2e940df0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "userinit"}]}, "reports_count": 25}, "Win.Dropper.TrickBot-9982207-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "startup-folder-modification", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "startup-folder-lnk-file", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-commandprocessor", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "screen-saver-modified", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "process-check-zone-identifier", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": []}, {"bi": "audio-video-mutex-detected", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "pe-invalid-checksum", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1"], "mitre_attack_tags": []}, {"bi": "malware-trickbot-mutex", "hashes": ["2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "shadow-copy-creation-or-modification", "hashes": ["25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-uses-heavens-gate", "hashes": ["723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "benign-process-has-child", "hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "high-heuristic-score", "hashes": ["380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "TrickBot is a banking trojan targeting sensitive information for certain financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.", "hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5", "c0630cd78c6cad4c41b0ae7885096e38d3f12060030bc1a62f5efcdd27ea1b37", "c0e46dec0c4720f4b224013f3a02ed6d83218db22c19b2defef1f4bb2cbd1b6d", "cd34da2c4a17b9092226623d70854f5fc0892f15907002a7934a09293f5c6289", "d9887e9f5a6d74667d09b708c468f744d034062a65b3ef32a9d975e7717da370", "e0b0bd330713caccfec1835a3795e6b4faa43fda98cdcc9c10d4497317152338"], "iocs": {"domain": [], "file": [{"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "\\System Volume Information\\EFS0.LOG"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\drivers"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "\\{40873C05-0BAB-1575-53E7-E3B7E9D4CC75}"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "\\temp\\localsystem.txt"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\Magnify.exe"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\NAPCRYPT.DLL"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\fc.exe"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\ubpm.dll"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\takeown.exe"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\WEB.rs"}, {"hashes": ["25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\w32tm.exe"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\eapp3hst.dll"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\rasctrnm.h"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\t2embed.dll"}, {"hashes": ["25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\VAN.dll"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\cacls.exe"}, {"hashes": ["25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\QAGENT.DLL"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\KBDBLR.DLL"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\JavaScriptCollectionAgent.dll"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\rasautou.exe"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\l2gpstore.dll"}, {"hashes": ["25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\ucrtbase.dll"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\BOOTVID.DLL"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\KBDBULG.DLL"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\P2P.dll"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\PATHPING.EXE"}, {"hashes": ["25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\grpconv.exe"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\xwizard.dtd"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\cca.dll"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\RacEngn.dll"}, {"hashes": ["2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\VBICodec.ax"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\lcptr.tbl"}, {"hashes": ["25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\dskquota.dll"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\odbc32gt.dll"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\d3d8thk.dll"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\nci.dll"}, {"hashes": ["25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\pid.dll"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\bthudtask.exe"}, {"hashes": ["25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\hlink.dll"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\kbd101b.DLL"}, {"hashes": ["25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\tapiui.dll"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\iaspolcy.dll"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\vidcap.ax"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\xcopy.exe"}, {"hashes": ["2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\pla.dll"}, {"hashes": ["25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\efscore.dll"}, {"hashes": ["25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "path": "%APPDATA%\\Microsoft\\Windows\\dllcache\\inseng.dll"}], "ip": [{"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "ip": "217[.]23[.]9[.]206"}], "mutex": [{"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "CTF.Compart.Mutex.{40873C05-0BAB-1575-53E7-E3B7E9D4CC75}"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.SHARED.MUTEX.{7F088249-2BED-DE54-803E-53B1C3A674AF}"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "Local\\{6F884C5F-38C5-4662-BC91-53BD684CCB0D}S-1-5-21-2580483871-590521980-3826313501-500"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "Local\\{A55C3BEE-5BFF-4c61-8833-39CD46D49BC7}-1-S-1-5-21-2580483871-590521980-3826313501-500"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.9cb030d9"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.EVENT.3e261e83"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "shell.{C41FA798-DCC4-AA56-599A-737C5A6CFFA8}"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.4acf71e1"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.c4db82e0"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.b45dae0d"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.EVENT.4d29acca"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.EVENT.c6bc01be"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.4d29acca"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.a694d665"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.c6bc01be"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.e35e00df"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.10e27d81"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.1ddf8ea2"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.2144df1c"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.273b1396"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.2e3f9266"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.380fe355"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.60d05f0d"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.77224409"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.80b41a15"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.8330ce7b"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.8a344f8b"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.a31bbb68"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.a6e0a38c"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.ae26484b"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.be69f5f2"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.d9a9cc7a"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.e6b649aa"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.eb8bba89"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "name": "MSCTF.Shared.MUTEX.2032bb4a"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7"], "name": "MSCTF.Shared.MUTEX.ac60f612"}, {"hashes": ["2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "name": "MSCTF.Shared.MUTEX.1b144c49"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "name": "MSCTF.Shared.MUTEX.6e697840"}, {"hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7"], "name": "MSCTF.Shared.MUTEX.73af38bb"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "name": "MSCTF.Shared.MUTEX.df620e91"}, {"hashes": ["25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7"], "name": "MSCTF.Shared.MUTEX.7564fa50"}, {"hashes": ["25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "name": "MSCTF.Shared.MUTEX.ae92462a"}, {"hashes": ["2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "name": "MSCTF.Shared.MUTEX.61a63b5b"}, {"hashes": ["41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "name": "MSCTF.Shared.MUTEX.dce6daff"}, {"hashes": ["0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "name": "MSCTF.Shared.MUTEX.6c9bc878"}, {"hashes": ["25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "name": "MSCTF.Shared.MUTEX.112017b6"}, {"hashes": ["2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "name": "MSCTF.Shared.MUTEX.ab695ece"}, {"hashes": ["25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab"], "name": "MSCTF.Shared.MUTEX.c9527fa2"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299"], "name": "MSCTF.Shared.MUTEX.994b283d"}, {"hashes": ["25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "name": "MSCTF.Shared.MUTEX.ceefd91f"}], "registry": [{"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EFS", "value_name": "Start"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowCompColor"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\EFS\\CURRENTKEYS", "value_name": "Capabilities"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\EFS\\CURRENTKEYS", "value_name": "NumBackupAttempts"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\EFS\\CURRENTKEYS", "value_name": null}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES", "value_name": null}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": null}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\WINDOWS", "value_name": null}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": null}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f", "06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09", "0b6a83489612fbac0c8031c717c2ef806d1ab504ee882a4e83700bd277684eca", "25473161969a5ce442ced0c778e677792b07fa68fe500734f7fccab735dfc6ac", "25e7e21526add1508c644c31cbbffd221068779ed6fb1bae751a9a70c6133fd3", "25f2be22535798e48ea2b92c08da3e62f15569f1f67bc45889d7dc403a2c5bf8", "2d3ae3b2189a6ad6436f046c4dc4e30509132e0a0ae08175a2299105f26277ca", "2ea0fc4ce00afe714122a10fb44e4f8115724e56c88654b2c0bd0dd952db6b1a", "380b798da49861cb0cb551a7b945f8db7e3893402c2423b6f9ebac784c79abf6", "3a65beafd1115dd9343e3204fe9b53dde7e76d269804ddfcc95d6b379c9a081b", "3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c", "4038edea39f0d2c4155b1917759beca2f9fc8150a48d7e06a1b3e7b9b72652ae", "41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "529883d5b3a9935f3863fcf277ed10086645b2c94e0363276358cd2af9dc5dc1", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81", "5945310e811930231bf36f6d6d34af46bef97aa4d23e6adc1911772f7b0f8299", "63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "6f48cb7449083ebf82b8507d3d32f30fe8d76f329babe728d8bc94628a878981", "6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab", "87ff71bee735095c209afefc60cda504cc77acc50fc4ba31d756c9ea4c853a89", "a3c04866cc1b9024efa30842042f2e50337a6cdb7a77776784ad25e322cf93d7", "a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45", "aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764", "b29afa8695161d81edf54df2f6c36c02bb81fdd109f0000b106cbafe4bcd27a5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\WINDOWS", "value_name": "UniqueUserHash"}, {"hashes": ["63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\36CA11DE9886E4D13A82049E967E9A354BA64866", "value_name": null}, {"hashes": ["63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\36CA11DE9886E4D13A82049E967E9A354BA64866", "value_name": null}, {"hashes": ["63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\36CA11DE9886E4D13A82049E967E9A354BA64866", "value_name": "Blob"}, {"hashes": ["63ca73da5b67e40b82967d71e3b07aed7a17de020d0a009ff5838cdef5955c0d", "723bc475c228b18acec71d248f9b79b189fa8a84d6685ea5b4b42cba55a7c9ab"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\36CA11DE9886E4D13A82049E967E9A354BA64866", "value_name": "Blob"}, {"hashes": ["41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "PATHPING"}, {"hashes": ["41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "PATHPING"}, {"hashes": ["41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "PATHPING"}, {"hashes": ["41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd", "5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "PATHPING"}, {"hashes": ["3fd4e4bc06b0c735ecb690e317fd0954b0b9011e6e32980e04af7611b938ec2c"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "certreq"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ARP"}, {"hashes": ["06dd24c4205cce7274c8b332e34abdc1cf6064d21bca8fc4407cd6cf075cfd09"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "ARP"}, {"hashes": ["a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cacls"}, {"hashes": ["a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "cacls"}, {"hashes": ["a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cacls"}, {"hashes": ["a55543ec1b6966095c16d18874123733518b24859d943412b346bb1c1bc2aa45"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "cacls"}, {"hashes": ["5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\6A93C986617CA09ED174F4C429FD6A2D9612D502", "value_name": null}, {"hashes": ["5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\6A93C986617CA09ED174F4C429FD6A2D9612D502", "value_name": null}, {"hashes": ["5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\6A93C986617CA09ED174F4C429FD6A2D9612D502", "value_name": "Blob"}, {"hashes": ["5685ddcb62cd05ed44dd16b1e9004f1c63a5cd8965ccd19089a4fda044a48e81"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\6A93C986617CA09ED174F4C429FD6A2D9612D502", "value_name": "Blob"}, {"hashes": ["6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\B08C3D8030A1BB2CEDCCC5498F50CAE1AF16CBB0", "value_name": null}, {"hashes": ["6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\B08C3D8030A1BB2CEDCCC5498F50CAE1AF16CBB0", "value_name": null}, {"hashes": ["41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\2DC23DEC110BE2C4EA6EEBD958FEC8027E38EEB7", "value_name": null}, {"hashes": ["41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\2DC23DEC110BE2C4EA6EEBD958FEC8027E38EEB7", "value_name": null}, {"hashes": ["6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\B08C3D8030A1BB2CEDCCC5498F50CAE1AF16CBB0", "value_name": "Blob"}, {"hashes": ["41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\2DC23DEC110BE2C4EA6EEBD958FEC8027E38EEB7", "value_name": "Blob"}, {"hashes": ["6f5394ad933af9c28c7eefc6c62eead20d8e3ecf5ebe40b10d81f74d96d1dfe1"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\B08C3D8030A1BB2CEDCCC5498F50CAE1AF16CBB0", "value_name": "Blob"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\E7E571152BF620FEAC7B01BF384F15347525B901", "value_name": null}, {"hashes": ["41892f3328b48749726630a3e75ee0addd7e41060beefcfc9d81d3bfc3ab55fd"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\2DC23DEC110BE2C4EA6EEBD958FEC8027E38EEB7", "value_name": "Blob"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\E7E571152BF620FEAC7B01BF384F15347525B901", "value_name": null}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\E7E571152BF620FEAC7B01BF384F15347525B901", "value_name": "Blob"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\E7E571152BF620FEAC7B01BF384F15347525B901", "value_name": "Blob"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WSManHTTPConfig"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "WSManHTTPConfig"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WSManHTTPConfig"}, {"hashes": ["010f84deb5e78bad41895e882203db172819778c5dfd28c26eb079e8be50d77f"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "WSManHTTPConfig"}, {"hashes": ["aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\08B9E319F6E5B6C2F61748169F116B6D7E98C0CF", "value_name": null}, {"hashes": ["aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\08B9E319F6E5B6C2F61748169F116B6D7E98C0CF", "value_name": null}, {"hashes": ["aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\08B9E319F6E5B6C2F61748169F116B6D7E98C0CF", "value_name": "Blob"}, {"hashes": ["aceca08c357c2da59b3a311c8b3199ac1d7d903c03c14b6f35f84d77b76c4764"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CERTIFICATES\\08B9E319F6E5B6C2F61748169F116B6D7E98C0CF", "value_name": "Blob"}]}, "reports_count": 25}, "Win.Packed.DarkComet-9982401-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "3c69bc8c19135271b0a5351654fa3905409f966a3190c660944a3071b73d6f67", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "3c69bc8c19135271b0a5351654fa3905409f966a3190c660944a3071b73d6f67", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "3c69bc8c19135271b0a5351654fa3905409f966a3190c660944a3071b73d6f67", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "compiler-vbc-run", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "3c69bc8c19135271b0a5351654fa3905409f966a3190c660944a3071b73d6f67", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "created-executable-sample-appdata", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-darkcomet-detected", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-filename-mismatch", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "pe-certificate", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "network-dns-safe-categories", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "windows-util-attrib-hide", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-attribute-modification", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-dns-category-dynamic", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": []}, {"bi": "disables-security-center-notifications", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-disable-windefender", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "disables-windows-firewall", "hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-editor-disabled", "hashes": ["ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "fault-report-file-created", "hashes": ["3c69bc8c19135271b0a5351654fa3905409f966a3190c660944a3071b73d6f67"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["3c69bc8c19135271b0a5351654fa3905409f966a3190c660944a3071b73d6f67"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "decoy-wpfv", "hashes": ["2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "netbios-query", "hashes": ["ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "task-manager-disabled", "hashes": ["ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "mitre_attack_tags": ["TA0040", "T1499"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.", "hashes": ["1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2", "3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "3c69bc8c19135271b0a5351654fa3905409f966a3190c660944a3071b73d6f67", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5"], "iocs": {"domain": [{"hashes": ["1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183"], "host": "nitoh95240[.]no-ip[.]org"}, {"hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "host": "epiclegit[.]no-ip[.]biz"}, {"hashes": ["8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f"], "host": "nzarkatar[.]no-ip[.]biz"}, {"hashes": ["ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7"], "host": "faffa[.]no-ip[.]org"}, {"hashes": ["8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603"], "host": "c0san0stra[.]zapto[.]org"}, {"hashes": ["49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8"], "host": "jonshouse[.]no-ip[.]biz"}], "file": [{"hashes": ["1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2", "3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183"], "path": "%APPDATA%\\MICROSOFT\\WINDOWS\\START MENU\\PROGRAMS\\STARTUP\\<original file name>.exe"}, {"hashes": ["1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500"], "path": "%HOMEPATH%\\Documents\\DCSCMIN"}, {"hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500"], "path": "%HOMEPATH%\\Documents\\DCSCMIN\\IMDCSC.exe"}, {"hashes": ["39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5"], "path": "%HOMEPATH%\\Documents\\MSDCSC"}, {"hashes": ["39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5"], "path": "%HOMEPATH%\\Documents\\MSDCSC\\msdcsc.exe"}, {"hashes": ["764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb"], "path": "%TEMP%\\MSDCSC"}, {"hashes": ["764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb"], "path": "%TEMP%\\MSDCSC\\msdcsc.exe"}, {"hashes": ["2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc"], "path": "%TEMP%\\W63.JPG"}], "ip": [], "mutex": [{"hashes": ["2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b"], "name": "DC_MUTEX-<random, matching [A-Z0-9]{7}>"}, {"hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "name": "DCPERSFWBP"}, {"hashes": ["b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12"], "name": "DCMIN_MUTEX-ZDY0P6P"}, {"hashes": ["3c69bc8c19135271b0a5351654fa3905409f966a3190c660944a3071b73d6f67"], "name": "Global\\27d1fa40-3def-11ed-9660-001517b8248a"}, {"hashes": ["f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183"], "name": "DCMIN_MUTEX-BMAZJU1"}, {"hashes": ["1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97"], "name": "DCMIN_MUTEX-MG8WJXZ"}], "registry": [{"hashes": ["1ee3ae7119ccc045cefe6de4f99f2da69f05d244bfef964795a9e9b08163ad97", "2d197747e2c5dc2d172bc08b1e7f3c1adf070c342acf4d524bfdbd8b1b5597fc", "39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2", "3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "49b6c061933b71658c922c59a0875de71f39658f8eb6fee4493edc7ee16025a8", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "8deac01f364bdd60a29d2385f3553ae181a2b37f9f8793ca163de7e50a5d0603", "b2eb151175905dbe1798d4052078de1ae3685e874b790175faf427c8e7981b11", "cae04ea9a81ce99fe9852967df998f3fda7c9f6df4fb028fc5a56827966e4a12", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c", "ddb3d1524e2951e0c194dade6c8aaf4af115e049454011951e754c6bfeffa7e7", "e03cd6c401eaea3f3979c3a968c8d86f95971102280c3c9c07555f183983368b", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "f76a9981c1aaf80aa7697887a25b0af110080b1871eba5a4123ed98c4636c183", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2", "3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "UserInit"}, {"hashes": ["39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2", "3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["3ade4b5dacf560174f328d37199a1587b815648c677ff60905a1749ae2709bdf", "52f80fa0b078474e2c96e6127c4d14ea37c6045fbba9c26b36d2f4176408f020", "565c7f5cbaa6186e1f354dccf3b282876e5b0d3e4a16c47775928eec17bd031b", "69fb8a4b0dcf843b488925a12a664f506866b4def4306a5b95d02f0ac57c5bb0", "769bfa392f99e29441cdbfb9a47024806f2574afde5822bddb8e25b712293500"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "DarkComet RAT"}, {"hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["39394d1402d67eeaa0e5dbe61c39ddb887d967580ce519f0d894e6925dd15da2", "3ddf068df01a2a27689c0386d1628dd73e78e662da9c578c2e0de46e3384c7d7", "ff3f26a70e9dd751e0916718d8fa35d37011829501eeedbff292f779fc5093f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MicroUpdate"}, {"hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": null}, {"hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["5d3a530dc4e2239faff995c18198c52c43c5611e97c85d9f6d8153ad17c95ac8", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["8a59869489013c041b79d313315d2030adb6cfcbb78ddf78c731bb29c9b7e74f", "ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableRegistryTools"}, {"hashes": ["764a0fbece5bfbd92ad83afcdb96beeeacd9175fedfdd5bb2a177bf0ec1ab2ba", "f02897fc5ec543ee341e92ef6e33466e6903204695d5422edf762df3f8c863eb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rundll32"}, {"hashes": ["ce191b65e2561192f86e3cc1203eac5905716ea931d9643207bece43d7bb927c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}]}, "reports_count": 23}, "Win.Packed.Upatre-9982083-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "6e630506ef4171ba5f29af324cc2f6a54679b8abc36e055150b2140160a552ea"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "6e630506ef4171ba5f29af324cc2f6a54679b8abc36e055150b2140160a552ea"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "6e630506ef4171ba5f29af324cc2f6a54679b8abc36e055150b2140160a552ea"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "6e630506ef4171ba5f29af324cc2f6a54679b8abc36e055150b2140160a552ea"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-uses-fasm", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "6e630506ef4171ba5f29af324cc2f6a54679b8abc36e055150b2140160a552ea"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "2c8ea20938afc505d6ce08e3025f3da3f0ba3730c795a2e626414300817c6b5c", "2d1230f134d3eb1d922ce73bcf170d750b2626d7b390d4553fef0456b4dbc5c7", "2d54963c4d55029583b89920560a14c35428eb43d7dce762c0bd8dffcdbf21d8", "2e342c62e1665c60055859542c68c20f2e061c65c35fe1a8a40843ae79fef21f", "2f47afadee15bb4355427aa0dafa0e973a121edbd66b2fdcb4b1a5ea5580bd89", "3070f48f30cf639ce151bb59ba86eec18e924933b55d290862e5c61fd99cc631", "31bdd802db8367ef12e461b72560790c842efb1be9a23c03df3c6f5f536d8138", "35616df79c24226007cdee9b8aafe81fe7a73121b8c0493c22dd5b49c7a136a8", "36cf6d936f7118de9d2c515e773040e096c1f415e3bec3231d546c5672871eba", "3765928b332b845b64b366094588a3aacb930d1d2019c1a3d4acb2463d2e2289", "37d7dc991eff8e2c9ba9f06390afbe0a70aa407a2c1186a03056d5bdd19d6083", "39839c071825dde9754ae27351f848ae3d26bb3f7e5eff738dc56dcf98842dea", "3cc224d033a1af8b817ac8cd6eb005316fe45871bd08d6e72392ba94d60d1ab5", "3cc71697f857f11a0ab3d53852a8962d3a5a4e0bb8fa86dd7c720a7f74cd2f9e", "4432fdbedb1399dd132c58289c5c970bf2f02d41ba3e2863c95b565cd2297f21", "44b6c8625e1973420d5316828fb4554ad9b1f7c60eb94cea0d89aba179965ab1", "456e9547ed4d73d30895a097dafec4c11e73f00e409c16301080295f0530fc93", "45deccd41e363f013a8557abfe65a75890a55c3b073acbb2c3ceb1383e6c472a", "49314edc00c3afecacec7cde23129654b86b7816ca31422b8036954ed4f06341", "4a248fb7f840fd5d675a495ac1e38b7bcda79ffe29f4936892e62f3777a9a455", "4ef04c7875ae96013bb0ef786fcf22c76135e4ffb9ce9952d832a5f28ea5de0c", "4fbce1eee5cee99b0cf7dfe77b5259c2226cef3651cac5443ff1e05140851356", "5047345007f3587e121027d7a35723eba93202e191ef6e504c8507980e39ead6", "554ead47909a3fe3b81887e0375217c4606bdfc0cd9d97ce9c6a655d9bc6d40b", "55643714ecdbb2874edea47a07f1011e3bd06407f54287b48919234cf374abc1", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "587ee8c512e8650858492550878a15532f280927b87daec788ba62ce95c84b35", "588dfa57f470efac2331c26ccdf61134e3a88414c78d4c40534a30eddc88e26d", "594fe0b6bcb429dcb0b06ce35bad5d41980f7a9d348d71b065d5b7ff0f581938", "59ca68e5d6b8987b747d8f5c208b6ea7a40f97e8e567fd7a013f0dc56f2a865c", "5c7f7debda72c710d0051838cd31c4cbf2c4a932c36a0dedf9dfe0875afff391", "5c932839ae3dda89ca5bb62c249e6ce5bd8a06ec4e624d2279127f212474d3bd", "5e30402512001dbf550f8a3bf943cb83ef46cf3467a67fd425c2324795b4a79a", "5ea6c1eeed5cba51f9e8d26a3310a5cb54a7ce4ca31baa9eb3eec73b954875ad", "5f30d7a4bca154392a8d9c096412d892e575b59f198aa12eed5e7c98e5e6558c", "615928cc484b55ff52d38db25c3834f698ed6b2a30326454d76a74f78012500a", "632603860172d70bf08b87a2876a95d136f3f0c49f9899421777268a559551b2", "63dfb7f034d0407ff611f2372052e19d1c02fc9f662e4debb94cbc13c0d9593b", "64ef6b1938387aa00de36a162a61f7136cbc14ffe44c44970470dfe0eb86b22e", "658f234ce907a0f6a9e1e5e4b5e2dc1353a00ae6189575fb12e2729563fe4242", "69a3e986829072c87185459f55fa64901eeb3323d615745c6eae5c680ad088a9", "6b0c32894e8b53243e43579310367b6f8e97e41b00448999efe1bb03a2d1ba30", "6daa853576c80e80ada3ddc08a95cb42e9ca9fbf79fd70c7ed625c76742cdd3d", "6e630506ef4171ba5f29af324cc2f6a54679b8abc36e055150b2140160a552ea", "6e90fe700ae13828b700373d88d3fbb0e711c5ac729f9c7e61637753d9327532", "701c8e41e4aba25b63e8d18316267ec54a2d0d13829ca01d41c1cae858554b13", "725be5dd149ea801e9fb7edc1b561c3e5f671d63756bf80293e447bf771a332e", "73775c8fbae4beef24d2cade3635631a4d800828333f649050caaceb025da101", "74434db59f2484b4292f1093341c22d68041daad1c310de8e16f0402735582d6", "7fa0293b0477b8538bf89f646d11499b70f0f04fff4329c098c02cb425f5fca0", "810053edc0c6ce6315b3825c653f507487780db3e0e3e4c3236f13bc6d97ee00", "818c6f599c3fb1e313188f88d17369a2081b7f372203fa4dce8f76992b8f2061", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "82907a3281520fa0f4f886a750a97394a71df9754dd32b062d6e06aa326a4923", "82ba52d4bbe1bd871c0addd5f5ea44289deca159b99921648484a809101ffe12", "82f7eb57a21e8bb935555b4fab2a06538b4761c20fdecfeb15df75e1eebb01c7", "83f92bc044d1b1579fcc963c33084719b57fd63e31eb1b7718628fc89a75fa97", "842a035e5110cb79c2d3ea02fc96a1cb08d9f1fc63bc5fce25f3105b9c837c9f", "84751d7bccbcfda33976c18acdc8624a6289d8d377bc47b7d3e9bd31c6ed86d5", "85c18f5c71f0670442ffb38841478cc991185f7ae2dc02ad1f28ba3408f59098", "86cb319af6a9e4939883607a4fd4c993f533d2ead2b81126c8dd21d989f0ebd4", "8c2cdff372ef7b4fa104cace69b9e58e0276f4e3a1b27aa064a26147c99027b0", "8c706b0e2810d9fccba5ee60c76b04bf0d0a7c1ede48c343e856f0178c4fa444", "8dcd9681c2f8b45ba5e03fe2d6efbd6492600ec96253d2c1c38c92fd4dc72dda", "8fdcc397699ed6f81b2d0c1f18891908f3ad53046e412a8a3b5924db1d94b346", "90a1e440ed8aa3566e5dc0ac6916d8b537031475f9c0e9396ecde3a312932351", "9190ba39feaf0ff2339b09d0eab645408e3165bb41fb550ca17a835bc815ef18", "92174e8c8d491bbf9079251f8a367e8c735a30fdd419ca0cbf1e0189668ce655", "92b4dd79f2f392a2658f0e952992b8b0a0c4ca91714c8edeeb28e71aadbb15d5", "942082b3d4c66faf1bc41d98fe14f1288bc2f7a1d15d06bc781a92f8609bfc74", "968ebac7cbc8c3627250155e3c55a63d9dcf77929ab9e334b982b3d822a4b881", "994754d1f4395593b88bdcbb476fbcfd0af7a2cbc26b8f0e93e38c034a617a84", "9df4d910ec3c7790be3213b57f96adbe83fafa6941ec7fb64b5a485a8abfc1e6", "9f3fdb67ed924bbf0b5037e0b4e116114ddebbd03a648f5077f967152c50bc99", "9fdcf83ae50a642a4bb97ccb044aaa7503b09ce8f4df137ef2173477934105de", "a4c8e5e4abdc1ca17e4c318f579952d52d3cc74ed690b90bdff0d0d68534d2c8", "a7d9868e6a0724f0761452faa4d2e777f851569f5061d2b470dc61510ab794be", "a875903c6f9db0cb60acbf18817aa8b12d43a2275a0db7bfe5143ec7f9e1a8ec", "adfc6b4e72f1fa98e288459f18b1d4ff91d01facb9be1a118d0342d6f757656c", "ae8d5f49f9beb65e35f0b9f7449860bac9a43092ec32686c5902cdb4aaf840b9", "af7e0eca755dbfb512013bc3f7836a6a72c313ffff8d252196fec7e0e7be1241", "b01d90880a37cbb7d7f8b520a78831b58b4d32ce62f57a51a001aa23b0f63886", "b094f8be4af2e44f11560db475fc1afe2cc70c74d800d96b4c3ced0cd444d101", "b2390cc467cec18a25444d8a070f2261d4e5a374fce4d7ea20478ab0bc43ed35", "b9273ab5de8eb78e8332eb026c11b3d22d5eeb9b5eae00580cd13432b05946e8", "ba1d1f2c219f54f0ff3e0404b020bb5429d0f1bb8bb33095d670ee6c444ff13f", "bc89ea15c10763f52ed31673597a3bcdff34cd610bdbca43dd2bddd31c46915b", "bcaa6737a5f597888a21ff934b2d7c27658316d5fde0f13ab35449ca601ba370", "c01d3a7cf19d39bba3d49b7859c828747aeb8da2d8af1674173255c1a80feaa0", "c0b665a7a0385b9a4ad732d3a41004f8d6268d73b5c7c60a4f76668ddd1acee8", "c1fc2a2bc33c723a3e0f4f5cf679988eb97a8fdeb844fe7e4448dcce95ab4081", "c3204895e25fbbff6bf5f2b71ea192dff28eff2f889b253a17efff1ac39e3739", "c579ab934586924d39c611d585f4310c14e775f3d8675c5cda92247f50509803", "c5f4609c3aecb78588b1cc40b07b921a02537c8a5019a83093e86132c3415dc4", "c6b8563df7a9c81681e6da2e48875f80a606639746194cc6b0fd11f179b2031a", "c84c7665bb468f5bdb44b0ea8c37abd0a9907ed2eabd54fade73dfbcc3b7bbc4", "cac9e0d18585e116662a28e72f20eed296902186d49cf93fac949723e7661a63", "cb2c87261f8bbe244657489ad51fd1c58fd9d0bce406ecf44781e28100fa5882", "cbbbd32fa5709716e01ae2c1bf1762f2a17a2625ef2419edba99c1669f8b9bdc", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f", "cdcfe7e519784143e5e2d3e72089113d5fabd714ec59360ce1a07a3a85a07265", "ce9298861d1c82fefcf1c54f3f61a574e19edc704ec42169914dced0ac7cb5d7", "d01bb6dc65c76ad7077cc616b2ae5ba30d5e71236120e013a3ce45a54fdafd28", "d03de5805b31b4b869e1d2b4d10bb5a78b34c69ed0bee6e4142575fbd5754c2a", "d12e0620f62068c122f1b63045d39626b55b2b71468a761b1181fff49997757d", "d17f8f29c61b901edca1b8a9f1fff4ebc054804511199b10dc521da37ce2c986", "d432fa2e9f2608f0e96e3c676ab44e8cc74a356b9f3857819329f931b3fe0175", "d787acc98f8a7c84f8499a28aa0fd0e2b2487f247b6f9f64afb7bf57b94ed6c4", "d8408a1847259ffabd2a385c3c640a51939414787a30f3c3c1a03e7e1dc5829d", "da365337cdb846b59520028671dc9c44e64d67d295e968482ac68aa3d35f3a00", "de5192198f07a7c7dc27ea69c144c160bba31370bf41c44bf12a469b12123aeb", "dffcc6bdf1115c69363076d1e490500a24b4e6d884b7136823d50419725e4024", "e09e0e3b627de4ed85ba72bd06e73414675fecffab84bc7e10b9ecbb1e28db62", "e91ac8a0c0fddff927fd4f50824b0143fe7baf2bee0bfd01daf7eb269fba3ebe", "eae423e239fa12dbb7953cccf43b68c14e07d8593fa2279d92a742570d4d08aa", "edee4d035cf952e7f33a782b8aef2543a368b16fbc461032e8c100fb55e4d90c", "edf96170eb8f95778723c227f25e8d110bd0af2bbfc65e229c6c7da67a410569", "f05a782da2f75e1d2ba2a779a8c6920b7ad4e9c4216385cbbd85dd7f50b9ad4a", "f161c01511629271ef4f8cae3ad10b4040b9d3d2b553c93de5d0e8904fc1d7c5", "f1aa752677e97405377de4acd0e3a6b2c455ef41895fa7cb212a676f5b58fe63", "f3a39c9e4105dd4fb59e308c2dbda084d2086dc92e78854c3132c5baa1367a63", "f8d75b751e57957eb37e2b31e160301752e4130b5e39751f48847beda9cd1581", "f9c4157bef84ce92fcf5d2ec5abb7703b864acd904c607bafe1da38bc17ac2f7", "fab3e3beba2b7765b6695fd55e99808edfa5c0d5f8599a8ec001a4e3f66806ec", "fbd090076fe5a61a31d5efe0dea6f3de2f3dd55c9c03d3bc5f42b42a41a15cba", "fcc71f3f9f8ce69c98f9b3bc7a54b8daafa0b41fddf089de31eb5853e5346ac3", "fda896d135cd828ba7df0270882ff582bdbe191cf612ed07e76330ef812d4583", "fdde2b94e7bfde4c8bf96d06d72893abac5a5e4d7e1db61c3b201ee695b0ccc3", "ff80f7a846fa5312227acd325316886d8cf813961983925e1c506c8914ab87c1", "ffe78fe29e6931548d5a4fb816ade144fbe85ec08474b98bee451b0711f397e3"], "iocs": {"domain": [{"hashes": ["00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f"], "host": "icanhazip[.]com"}], "file": [{"hashes": ["00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f"], "path": "%TEMP%\\zoogymal.exe"}], "ip": [{"hashes": ["00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f"], "ip": "38[.]65[.]142[.]12"}, {"hashes": ["00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae", "262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f"], "ip": "104[.]18[.]114[.]97"}, {"hashes": ["06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0"], "ip": "104[.]18[.]115[.]97"}, {"hashes": ["0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f"], "ip": "71[.]99[.]130[.]24"}, {"hashes": ["0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74"], "ip": "66[.]196[.]61[.]218"}, {"hashes": ["00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae"], "ip": "96[.]46[.]103[.]232"}, {"hashes": ["0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2", "819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0"], "ip": "87[.]249[.]142[.]189"}, {"hashes": ["0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74"], "ip": "98[.]214[.]11[.]253"}, {"hashes": ["00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e", "0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be"], "ip": "87[.]229[.]109[.]250"}, {"hashes": ["0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "0be4b37c4717d53925486df11d9c527be53ea4290c585187bfdafc055aa8f3ff", "1d346fc64f792be85c3b438f75085a4ffe499226d194c14518ba38a9f5322623", "2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74"], "ip": "216[.]16[.]93[.]250"}, {"hashes": ["18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376"], "ip": "173[.]243[.]255[.]79"}, {"hashes": ["0332d56c48dff801d3c4db04b9b7bc67b3b0c37481c912f8e5efebe25c65379f", "0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f"], "ip": "66[.]196[.]63[.]33"}, {"hashes": ["0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2"], "ip": "76[.]84[.]81[.]120"}, {"hashes": ["0ad75143ea7b45a1e39d847d54c5bbde5ceb2b18843b52babe8574ca401e4db7", "0fa4711a0c9e7dfc2135a0c7e9407691bf5677b1b1640e250abdc5db4a09f629", "1be0f73ec48241a860f6551b37c5f732f2f96ff111632837906a143deac311c2"], "ip": "85[.]135[.]104[.]170"}, {"hashes": ["0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae"], "ip": "66[.]215[.]30[.]118"}, {"hashes": ["14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7"], "ip": "104[.]174[.]123[.]66"}, {"hashes": ["18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376"], "ip": "188[.]255[.]239[.]34"}, {"hashes": ["18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376"], "ip": "69[.]144[.]171[.]44"}, {"hashes": ["18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376"], "ip": "69[.]9[.]204[.]114"}, {"hashes": ["0b131013bbe7553832b45a6540c4be22c452a244ef432f7b6fddb47d5b1c2cf3", "2878a00aa44232ea17f41e4d8284699bbe8765fdbadc516955ffc8ae93cc7add", "cbcc91ad8bea757a5789916fa5e3c9a894302a4902097f61f948771c285a3e6f"], "ip": "65[.]33[.]236[.]173"}, {"hashes": ["0ab323a07848436a04a728c2d676d1315f5402c3d6e21e17a9e6edd648f795de", "19be03d1da5974890f083a5e2c014939ade91bc034c9eb6a88806a321232f9be", "23d3f205a2dbd4c71638daae0e45c65d52b6729c506ac5ba4bfc7901075c8dae"], "ip": "68[.]70[.]242[.]203"}, {"hashes": ["18a7a9ada7800ab1df038b7e0957c4aa8deba79dfdec0e390d75e964ee9b1853", "1cba83c1febd55426cca9fa581121acb3b54368642230a0cbfb067d82a133089", "2b447b52389bbd40e5d51244895e6deee21e7da0c507fd99e9d1b8d29993e376"], "ip": "98[.]222[.]64[.]184"}, {"hashes": ["1badcfc36cb64a1e931be9768d92cf991edcd2b04d61b22bd36e87e07700f4bd", "2319c3f4c8a8d8fd332eb5a5465c8c217d37930a611d7c9aa8971d273fb75d74"], "ip": "24[.]148[.]217[.]188"}, {"hashes": ["14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc"], "ip": "72[.]230[.]82[.]80"}, {"hashes": ["14ee75574d7c50b36e0a606d910f393926becb99d0703ea403f207bf6cb06918", "24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7"], "ip": "24[.]33[.]131[.]116"}, {"hashes": ["262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c"], "ip": "24[.]220[.]92[.]193"}, {"hashes": ["262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c"], "ip": "176[.]36[.]251[.]208"}, {"hashes": ["262d2e9044037fae2b213d3c4d85e1a22712a4af3c4ded3fd4866879c890a89d", "576862593b36670b0abdb10b56f3fe0de91f13a83f7e64a5d9119764a151017c"], "ip": "109[.]86[.]226[.]85"}, {"hashes": ["00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "ip": "81[.]93[.]205[.]251"}, {"hashes": ["00a70ad787f7835979f4a4910c536b65cedcfdf999694baa561238bb1372c211", "06e7cf4d404e6b3c4966658605178b7f27b97fa65b86ed3fe5ed7ba189ff074e"], "ip": "81[.]93[.]205[.]218"}, {"hashes": ["1647d865e07ebfb89fa02898b63b0ea9c2ffa14455364081d3bdc4a56e06cfcc", "254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1"], "ip": "173[.]248[.]22[.]227"}, {"hashes": ["819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0"], "ip": "194[.]228[.]203[.]19"}, {"hashes": ["24a9743e5e7368323e8b0a810a7bb5d3e81dc9e73a986f09f442e39462e671e7"], "ip": "216[.]254[.]231[.]11"}, {"hashes": ["819209f2cb6607f1b1a28057ac09fcd3944babf98f819f916c0db01de4440ac0"], "ip": "95[.]143[.]141[.]50"}, {"hashes": ["2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425"], "ip": "173[.]216[.]247[.]74"}, {"hashes": ["2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425"], "ip": "77[.]48[.]30[.]156"}, {"hashes": ["254349f4f682c7a562c562577b26c2ce3234cbc34b0412e6cb3865ca25c86cb1"], "ip": "173[.]248[.]31[.]6"}, {"hashes": ["2adf5eeec4f05e65a240f3eb24479e665c54feb0053d772a5988531a63bb8425"], "ip": "76[.]105[.]248[.]137"}, {"hashes": ["15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128"], "ip": "96[.]46[.]99[.]183"}, {"hashes": ["15991e724ad40738bf12809d976053842ce01ed3922e49d501630adebc80e128"], "ip": "96[.]46[.]100[.]49"}], "mutex": [], "registry": []}, "reports_count": 29}, "Win.Trojan.HawkEye-9982173-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "pe-certificate-short-serial", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "listening-port-opened", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-http-blank-user-agent", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "http-response-redirect", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "compiler-vbc-run", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-hawkeye-detected", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "dns-query-nxdomain", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "enumeration-email-program-information", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417"], "mitre_attack_tags": []}, {"bi": "feed-public-ip-check-dns", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": []}, {"bi": "process-check-browser-mail-client-files", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-generic-infostealer", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-toolhelp", "hashes": ["c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-known-trojan-av", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417"], "mitre_attack_tags": []}, {"bi": "pe-uses-heavens-gate", "hashes": ["76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-opendns-malicious", "hashes": ["76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-communications-smtp", "hashes": ["d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-invalid-checksum", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "mitre_attack_tags": ["TA0005", "T1553"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.", "hashes": ["25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1"], "iocs": {"domain": [{"hashes": ["25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea"], "host": "whatismyipaddress[.]com"}, {"hashes": ["25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823"], "host": "smtp[.]decemberdonreach[.]com"}, {"hashes": ["76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1"], "host": "www[.]traucotravel[.]com"}, {"hashes": ["30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88"], "host": "sahakyanshn[.]com"}, {"hashes": ["d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6"], "host": "smtp[.]wanjiall-group[.]com"}, {"hashes": ["d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5"], "host": "us2[.]smtp[.]mailhostbox[.]com"}, {"hashes": ["c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9"], "host": "smtp[.]millionslogs[.]com"}, {"hashes": ["bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7"], "host": "mail[.]mmt-me[.]com"}, {"hashes": ["e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea"], "host": "smtp[.]esrgroup-au[.]com"}, {"hashes": ["d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860"], "host": "mail[.]salesoffice1[.]com"}, {"hashes": ["e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "host": "mail[.]hoordesign[.]com"}, {"hashes": ["b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417"], "host": "traucotravel[.]com"}, {"hashes": ["5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3"], "host": "jelimold[.]com"}], "file": [{"hashes": ["25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "path": "%APPDATA%\\WindowsUpdate.exe"}], "ip": [{"hashes": ["66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea"], "ip": "104[.]16[.]154[.]36"}, {"hashes": ["25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860"], "ip": "104[.]16[.]155[.]36"}, {"hashes": ["d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5"], "ip": "208[.]91[.]199[.]224"}, {"hashes": ["cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295"], "ip": "23[.]94[.]43[.]90"}, {"hashes": ["e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "ip": "185[.]128[.]81[.]119"}, {"hashes": ["bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7"], "ip": "202[.]66[.]174[.]77"}], "mutex": [{"hashes": ["30f98993c65d34b131df1de518b36914a4796d81a2cd97ff11efe20762052da9", "5eb97290859f48710c13870e7008b00d27cd4fe5356619686d5377f864899be3", "76752746dff742dac1f13faf8bf9d240a72b6974bdbc5d601e686718cde47de2", "b5e56bfc568d14950603308e17f3a5f2f40ba3575e97fae249a7fdb3f5357417", "c9d12b61c5fddd1bd91b6dedd56a41cdd0f0d5d065c34fcc1036de3716db0c88", "cd8a09b53f5e31666fad4af2ec32f8c48ce597ea4cf52e34a915b918dd148295", "ef4dd196050818e15e47d2532912cdb6669d0cec9ca8f369aa3fc60eb8b3eda1"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8"], "name": "Global\\<random guid>"}], "registry": [{"hashes": ["25c4e0e82248fe0f5eeaaa95ad509506e3ccebd87fa0b15fca2ca8e57f3e9355", "66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "96afbc589d7d92a6568fa6a94b504d06be2a2d2b4e550540c3dd6268d50bb823", "9788c32ecfef8e2b6da49031079ff4014c626a5e2e28c7766fc12d9586828f5b", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "c8a07d72b1c68766407d754905e8b5d062152353d539f2ecfca13405308578f9", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d1adb78134362a121474f955c2670fc4b675531d19c847d74a3d77fb660664a6", "d1e152fbf3252cc888ae7fa5e5b410153757243400c52f757963eb1da5d20860", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02", "e69bc21e37452867be7742b580edb17e41044c248816fc86155f74b2dce842ea"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["66d6b9f856cb4503446868cb31573c59dca8200426313934904c53d9821dc60d", "6dbb8e520f4c1e900e5d4f567a307ed846744c65faddf1dcc357411e8940d82a", "bb51ebbb114d1771cf6648ed5eed18101e778cf4e5f9a2df1c4fed4c7998c8a7", "d054dac92b28a478c46ccb71e304bac5ec172c2102b354c1e1298b0a5ba10bf5", "d616790f182767501f232ffea535d2c8c6c064d5b18fb05a9a9f2fa00ad87fd8", "e1bca0dbdf1b010b736edfe3fe6e2b6fc95f57c6215ff7c518394da624187b02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}]}, "reports_count": 20}, "Win.Worm.Vobfus-9982088-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0c0a92c633f18385cb8502537836777131f0e9bdbf7a3e13a6eb4369f6b27b01", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0c0a92c633f18385cb8502537836777131f0e9bdbf7a3e13a6eb4369f6b27b01", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "compound-vb-self-delete", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-multiple-extensions", "hashes": ["0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "pe-header-subsystem", "hashes": ["0c0a92c633f18385cb8502537836777131f0e9bdbf7a3e13a6eb4369f6b27b01"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Worm", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.", "hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0c0a92c633f18385cb8502537836777131f0e9bdbf7a3e13a6eb4369f6b27b01", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9", "12caf942f4872fbaf7be5cb471bba23f66d634accd757caa222ef8b1928e5e36", "12dce4f16f7d779099bfe430d72dd6c5f9bb8b14ba444fba459ddfc2333be2b3", "12e190ba5b880ef47c4e552c5541d7bf3949c03d5def7cd68d3878bbf2454fdd", "150cf64db63be92b5ff274a9376da4f005916b4809f6f31933776ffae264449a", "152083f79275fbe08c5fc7707a03cfd25e68e4805db27043ef5a49d7a68b2f92", "15ebd0a5b689ce0bdb96dbe3b8b3da5dbfa8608ce8eb298203620e55189f1eb4", "16b52ab8c043deba9d5a1113ffaef921bdd17c7a91357d7c85c20efa9199fd83", "17e8763a2789d54f476908bf607e57a341d6a480223c3af7d5e34506d0e7e3bb", "1975f8b62813293633d7e022580bfcdaa175c12dbeb1de1529bbba596f7189a9", "1a77bd2bd2d598f693c0fc8f5a96a66cf50ed43746c9a52f4ed5c18c42eddd12", "1aa7ff7160e59d09f86922bb9b023e5f0cc1fb2c82691792d0d2b067fd81c4ca", "1b909c62af9b86c2735c12a85320422195999bc96a0f502b909c19d0c6e0ab4f", "1bc4ed8065ed6c8dfdf4b2f4e956b7e1ace2dc4ce3256604e5d17407f2346012", "1c18460304e0a602ebd020ff16d770a3f205cdb75286b5a61a4e715388976453", "1c45156d53ca594b344034c6d9305121fd1cad3d0a48392800ea7056d054e5cd", "1dd76e7b8111c705d0f2602579dd5cfb93e92ea402a769a7fcb04945c86ed8ba", "1e026cbf8c63beb703ccfeb05b312264dfaa2dc0cdbaeda33bf8900bb29eb54b", "1e79d2bfb304c38da130e3266bf3ab1e7ca4ebe086768d3e39d26fedff18a026", "1e8636c95352914d6d1ec334eb62246c70e0c4dfbd81fdc2b66983154ba72da5", "1f0c4e4f7c1864b6d251744d794dce7347574d452b2aad8f766951bf4afcb764", "1f31ba8d34a5bc339a3f64776b880cf6f1d221a5f73dc134c1ae05994c64ac4b", "209fe6c2af22b1871bddb8ff990a62955d822eff9bb4ca02a4272faecb695e9a", "2292dbc90670c3f53da93aa1a3d0add7579edfb1272dbb4f3aeb4d113db5362e", "24bfaad2544e90e6dec8243803a74b17159c6cca260c6e5e3831e562490d4129", "2504119f7b8e19a9bcd118b7de63ade2f17528562960ecaa4c9968a36a35fa5b", "25a1858749a5f12ebb6ab0e914819df37e82cb044e9863b792cd4c3b721c9dac", "263f7fcf1a042caf0516ea0562d859734b54f3e42292d4ce979284df0c4a1dcc", "29813e9a2e5481b98d6a8639d1f0a75bc0e5e86c9dd475ae3400465f3c8343e3", "2b4fcc829ae96dccff957f7f1e58873142d11d8e11db4b020b90327d2d9dd2f5", "2b91f071c9490fa2b7971a4a2184004c637b6802358c0e0f4380e82e82570151", "2c730ebe2247e7d88d7002c575280febb89635322683e80daebece73bb4f0c20", "2e42f8c3a88ae32679ff13c5b136fe86a205dfac36a1e8ec4cb064967027a068", "2f51621089732fa3cd74e66dba5fcd67b403cc55d9f1596c054d0fa66b0ded66", "320602cd0ed76854e696b4c7efff0b04dfbca052339249adba9969984c807c32", "32202d8e266fa9292e7480cd4f445813b316dbb39a0672334fff43e58f51e5b3", "32fd2898a47a260d97e54d61ef8c5f99c535a465b9f339381b8edd8a81c7a840", "34a2d8c84b85828b6f2e08314811eec3910196c29129eafd60bc21d5dd5cca9b", "35169c45634d7c8a5528d0180a42940d788c7aeee8926cdbd928ba7373e80912", "35619ebdad10cc309e55f4adb66de3dd1b47d29cebfdee48dd15e683c80ef83b", "37210ba10293b9a6972a99639f0055ab8d5f88f0bd7b08ea024998b2cd42caaa", "3741f5b66fbf46900e080dbd6e4add0d2ac65da235a5958cf78df0d27d08af77", "375f9231223807a9efa61768cba945a30a34cf14c630b8e0a97675d6df02f459", "37c84107f5d20a004042b62d531803cf621ec91f9489f290eb38cb62668c82a9", "381d3300f322b1c4c2f7fe0008fafde69d13ae44d8ad363b8a56a90f8dc29b69", "38adcbe7306d9fe5dd6a33ae8e118b3119326e69e2c1797ef1b7678a9f62e1f2", "38bc5b9ad0df041f66d93cfecc79a88f47081f0ade66a0b4c68cbaf12e6814ce", "3b1b6c17a0528614aaba258c348b7c2583fa2e2829bb5138102c54dec20236a0", "3d75772872472dd2508740679147c82b566e9cb2a20b4ff9fc1b4fb24dcb0aad", "3eb9bd592485d998ac1aa40924ffa08493c9aecc4a5a1dc63cc0d9930fa5251c", "3ef96e2e2acb39a67949062d55863ea8e215ce90fd6dd3bac01d234e7a4723e0", "3f9aa26cdea9dc5ad2724b66ef87c3a6157a779d8eff68289a528c3362841717", "4041e9fa1824ff261035498871337619774ff25edc2ede335dcf8c4ed7076f9d", "4074b4acf5e0c498f068ae9acf9dde0b39ae32e392bb584e260772033a916d6c", "41356d522865197ded1256a3f4b6a04b10a9aaeace9e2331e1677f2c32159ed3", "42524ecfe7b529dd8437f3c971ba6103ab1bf065fb13d01d77c7559016c0f2d3", "426dc9d780688ff3460fd38c9f1538f378ce5918fc692677fad9b5a49f5a63c0", "444a8e0d3285b881f60b3d6d53b545ee315600e8a45d3ce3f4b318ceb4ac678b", "44d10ce98b1249df21d0ab3ebd27207507ea217b62d8aec491dee8457e1f8b39", "4592f5268d84b5297804bf3ddd83d43108374d711108dfeeacf94bf7bfe282b1", "4767a1e39ce2b3e5a1312b7235e6742508d913e8ce32d0be21d8156dbb1cc954", "47933610507139897df808232465ff61d8d4636b2891d877ff6664b2bddfcbbe", "4cd2517bebe2e09cf5704e726a2f6df3f288dbd94b254aebc81a74cbbf2b66dc", "4d2437c039ca3f99a839a7fb49bb9bee4052e7afda71a3763a5120215fbc138a", "4d2c516a289d1147fae190146cf098a7a6655b6a9e21aabbca613fee9e11e961", "4e5b81e5f57dda9319d11578aefd2db1c7f6ecb5d92192d6db8ab48c7b290a35", "4f7febfc081e8a6dbca801e4e06f43d22643651cd8fc06aed25124b9c294df5d", "50235e5254340cdb07ea726b9da0a1c542f21160f1205b5cc06d7d323daa6415", "507c79a58e2e69eb9a2ff330c10d2750ef856a05071c5cffaa0e55be750db746", "5108de3f8ed1c60fc8934004b22602de7a1a77af032008c2f26aee3a65ce905c", "511035a724366fb8a7c53d494a735d727a5b33bf5fa7afa000898f78d4975a58", "52a71fd01d60ed342aee9e11ed70a3919aae44b7547b9aacfa47aee25d68707c", "52c179080e2657280d821733300c0a95207096a64d508e2484f32020526df6bb", "52d8d97682ba2206990e25dfcf3cb108dfccf3ef67e42a7fe7427221c73729eb", "545680cd80317adb35f379b2f5f229becd0cfe1b81c1d68de21858621452fec0", "55346aa040e6772592629cf18cfaf8c62809dab200234e35452f49fa0cd597fe", "556ad6f63412900c2a4c3c73874059b8f8ec58e7d260ff80df574cf4bd703940", "55a40f2a8178cb1b49d91d3384c5c7c1e6626ea748b3d3a27fc63a1a7bc2d672", "57d893165994bcc16245c34bb932ed8121b8117566666db353b752a61916d13c", "57dc483a6100142e481d4e7a834a453d6b7d89f96220fcd7236d1eff04e7b61c", "596a6f2e6bd3f2109e0e1eabaa21b5159797085e0a5842b7fa834307c496af04", "59cb4bc44e21cc973d487c34ec6a91eb145192c40f40538ab1fca02517ebefc6", "5a055615285db7ef66da4cf5b1ef2763c1b2f8ff41482723f0329acbfdc6c62c", "5a13c384087a8eceec293d2a43192cd7e9a9fafce77e5bbe3ccf88f2a8617fff", "5a5b02870b55cefdb33258ee5e0fd5512cef610bedfcf7c7984f5ab47ec1d24c", "5b68c55330a2c292150dfad149873eab0eddb2ad2b460fa355cd4b791769142f", "5b6bafd5275f1feaf73767007385b1b478f035295aae14dec570a0c11ab72ef9", "5bc23451671137aaecd5b706d895f2202f030d9e09091b12887af9f2acb5f02c", "5c1a7b119d8b46c8b69c5963de9b231a1055a0947e08de0267b2c1ce2cf662b3", "5c2fcc006ac948edb4da1544c71484043e26db14aa03d7fa055d45acddeabdc5", "5e1d1da7bfc75b8423b28dc14e79a91b87c5a2a888aecffc1d3dff793e56967d", "5e47fd55b8652d923c47cc648e5dccbf6fbf9d6964a0b60a9d23398651fcb71a", "5e4946cd7003980233f491d289ae6984dc5574a09796cdcc2b3a0bbb1d04bbff", "5e64b8fff1c687a96813b7a142ad79acc0633ef93c9ae36bfe6fdb7e34521638", "5e78397b69f494b61262d58f551c8bb9a0dd35e353e9e6ef67d73d4769c5dd25", "61601f924351761ca48686dac305c104109a4856211547f2e7ac49d2c5d9af7a", "620f7f211f2d777414743a0f128e958cbe21b207ab27ee46e562af47a22a43a9", "6238fc8c1deb8664b3affaa76691f757f5a9141b7749a5603eb890f7818d8bf3", "6302392aaee5aa2004c5ad9f74c0e5d06f43ba0d8558861bcc6d8ce469d5561b", "632a18efea2064bcc3dd12251eee063488f9720b6abc4c527f6bc451c019687c", "65fa4f2ea28e76594f51cd7eeb30e08fca72080720fc4af2a59abd8d313c9aee", "66074f3d78ba130355500da9ed069026883c6ff7593c48ce54e9d4470d081882", "660fc0f566c11e5a72656125cd49e5021c6b2cf2919751299eb688e0486cf276", "666d42260b30e2c5167972d96599d5f78efb1f7960e3187fea226b03796d682e", "67548dc0bef46268418faa5ae85ae3e90d6d283f229d550be5433e1c4951736c", "681a4a8a5f9262cc2bf82fa5b6e5411bdc577ce3b397c0bef2d1707f75a47e80", "6878373fc8a823a4faf5ef6666ce04462ce37840626dd3a647d5a9c0a883d6b6", "6b5a0e9dba4a70e87d4cf3f5497d4fb7eec85bf8933e3f1cf03fb7924b4e0102", "6b7d03a4b519441c6217f16af735d815d96c53da0bfa3af89988ee4f4c93c942", "6bab3afc27a0c94d8e5d56cdd5775c19fab1717386a5c709db335f1f1e58c3e5", "6c68731239399a1abdfbd219a2f0168cafd1e064c2488f1185850828750dc78b", "6cc6aee3255bc159da100b6b8eb971c6a157e1575130c0ea8c1badae8ea0617e", "6d37e059b0171ec9677347b12b03ff4002dbe8086dd458988e120f4cb2a6303e", "6dac7c0d2782c34d4d89152bdccdb425cc3a40faaab9f3335899e8d6acc5d399", "6fe1fcaaec036211d6e10b52aa66d486bafdff7efdedd2b129260c0426d4b866", "70319ca52e5700e18877d17f921c85d855f76bc0da3f3795ca08320eeb6f5729", "72720a3b70bb30f601ce901b5935b1c5619f41b568f372211f9aa033d152c91d", "734697fc6b5d5252e182053f940f08ef141bfa9cbca401a43b6bc05479c29cc3", "73b75bdd62c975b9bb2211561e0036a54a27cf48957378e3db980127f67a8ab0", "73cd227ec9a8ba7d404ff0187597af33a66d086d3be28a6afd94ca3dc065cbc0", "740fed8a1cbde2c06a89da6df70f862e2a582f81efa8ec1930c3c6ccff9ca64b", "7584bf40cde1cff71c57cda096b522f3a61bd97af7aca4c5d2112d5e2c958ec8", "75ccd7d0be5900f2ea5a8ce28f806e7b05b04c27e27da67de9d92ea7490c7a4d", "75e61d299d00cd706bb4d9c198f8ee5b508ab7af8d4d35910e708eacad21450d", "76476ae19d08c0e34dac6fddca81f5ba0e6ce3ff25eb5fe03ac7d7e25291d965", "76e048ffaf5a5fac8754835d38f7e8377cc476bea69483b3e054b69fdb79c753", "7716a15cbcfd2d6cf62b108358e89c115971607a717918715d6d7876dbf60d5a", "7757cc599f8d6ef74fe0da84340d97b61c1b37153ab74a6ac5168e257d66137a", "79b6952a324866dd4b7504d552bfd6c90353c165acfe5f1bf71a626747fd9da2", "7af834e60a94f890de6a7559b6d960d6d27d7ab8daffc2c5c3040aec9ca25690", "7b094c5be7795b2e21d51295561db08b96d2aee18391a08ea68f2e0d924630d7", "7b8546a3cb055482f1d55c0a4cde1fdbda30a70ee67cb9804b54eea8bc780137", "7cf37421efe7548424769db334b78067d7b13e545ee218dadbb3f868398b5b59", "7d69de4577408ff79ddf923a66b917751461ffda9e2d8d672c8bc45a3f4994a6", "7f8dba0fe3ed168f1cea016845f266bf1cdc27fd13e2022c65c10859570bff67", "7f916f9774e61403890821335e89b5ddb61d51c0761c4a685648cf8f86513152", "8027256f9505109a43a9305f098db7688aaada35cbc1be8506a6961c7fbf6313", "8112cb4d094975cfc9a3fe3c4a26378b439a558999cbaf8697545e2f6f0ddf61", "82c212728c00ea3110a43894fd5556d4a182e400cdb059ff7b3aae688e172f7b", "838dd95f48976d3a26e3bf2505c2ce7cf4d59adccb71b0fee6475b12d4457726", "86ae362b5d9aab78633adf3b02e627ed1ff57f83e073d17f9343eda76713cd73", "873f4faa11b9a2b34185a5a4e02fa5375b01556b52a4e47a20ed5c34f17c5af5", "87c059cf2380810e48750eab0756eb7b7123773ac7149ae63663fbbac7c7fe6a", "87d9d290892ba7cc8c76e6a58fc9f234d98876ba9624afb6670f27468893fd5d", "881291265f590a8d4fe678ed3b44857ba254029841924111d5ba3b0afb45db32", "8a23de22c89474e0c1f26de12e9bfd9e8ad6231b5fecdb578f8b1f0bcd87b28c", "8ad6f82ac6f9363677cbdc412a796582a6d9e889ce7b8fba8043eb6a77b11a00", "8bd541196d6ae9322cfa67370e452618962ce8759a7d7b4f58f9fd5f2e3815e2", "8cf339967adf9f42bfd4fb5987e0faf98d8e4605e448692b809903ab898aa090", "8db0c0c20455033deb1029301b74a872a3f588b6d0215872baa14562646e0eae", "8fde8e3cab849d2eefacf538e0c7e11eecb1b3af954dcea64d1ef6bda585fcde", "9081274b8b9f9f0c5667d63cd8978ee284387cc7a29b4f35d22b573fc4024e1a", "90b0f283ff82df210c69f6a8a91c41173b6c0b8dc61475c959e65d4bebfec787", "9460d4adba8efa7045236cd2385635df7a2911d3800a5965a67c6ac436a50e38", "953e34f23baa7a2dda329333fc1f49d31cd8690c5c20f051ae95a10e02ab5550", "96a14cd90ef7ac995e68c6267e4b6775766e067ce9ebd74fb4d2067c519774bc", "9979c4683441d55c5b2e309ae5aa7395391d31d813714e5d1eba678ec00d518a", "99ec42eb938723c03bcbe028456eb4eadd926495e17c07cd1f2f0c27201a187f", "9a20d6a3c199c42e01e0a6546943a7ea19c0260d1cab3612d234f8dd44dbf2b2", "9a83e95aa1f4d40fd3cac2bcda2410d9eef94e7c3089252a490d754656063ce3", "9a9ed9730b88dd0e144ef6e7278e1d5435b77cc4bac5bab817468a6a2d58e006", "9ab12e8c5c044b114e593f9fb75e5d9da200bd81d3f856e5ff6a08d597d22bd8", "9b0466ce708c4f253b353278b2bcb862de0e102494d35d813e8e149ead793ef7", "9c00b4fbf6d8fda2c9aafa63e59ab828d831a4e1b83577e19799dc5d882d20d3", "9c6813469f13570491b8cbf68c3cbdf0b5fa8142e87365f593ad4f83231ebda9", "9c9b3628102fbcd28552166b37bc78332738c6718f80d7dbbe4714d9b32c9f5c", "9cdbfc1612e4971459da67c34f54e2c1ed4a310c11082da9a7dd05279fb00e39", "9e18e2f3341d72512cd66dbb74f51f0507a649ac875100eac9c64c7d99480ebc", "9f46fa91af96983841c403ff61808581ad1279a2b9bcf773c8e954bf37f27608", "9ffc841029f76c5f9a1a8660d5627ba43705e2f71aced122e85fc459c60fa3e1", "a019ca7371cf82b821f9975a14a4dfe1b5bf1b66ada8d93995c32d2d0b2712e4", "a0580f11375aa674e89d2138c7471941502c4da405b0e6faac467ec98bd46157", "a104bbcd0bb50f5a81198771483dc75c505af7dd6f1a82b71cd435737f88189d", "a2bdbfd249c92d9f27ac624e61413aced150e847ad81c84a8e899e96434d0672", "a3005142e44921a9724fc32bd53f3f82f54d4ebd18eff10a623a22c9bd37381d", "a37ee49817c755d1012318a29d4d9cc1ebce0f61e916c13965a7907a5d918314", "a4a46f9883afaec8f0281e42c49f03e81b11128540ca85b7d0571aeac48a5de0", "a6988a4ea72ec1403f5f5340eb51f37682ff9c176d0b45b8b7cd59a0b5658076", "a6bb21cc1450319b6da334b52cd57445281612304f72fb055d07e337e26980d2", "aa8be5c5235104bdf7051412839547c0898eb12575f53a384a5a9592952125b3", "ac189d703555c0770cac4a2d62192bf45b298ebbb2f58cfc164b3b06620e1062", "ac78e23bbee20dc72df61ee7ed2809bbe34dd63f85f557295c19bab17846a093", "ac81f047f422e79639a0987de84541eb0b36980a28f91aa17215dcedc963cc5b", "ada553679aaddf00a2076a317ab616d34dea000b9523b4d27da077e743b7d28d", "aeb57638865f66ad94ce02fbe8d22ac032edbe146a1703dd5dd01110b0e8c061", "b03eef34ae1acfb36cd4e5554372a650a81f20fd77726d93644f4064aae5192f", "b0af57dac33b59e52e7c7ecc86dacf5b203150a5d19b641c6ce0ecc802813498", "b111fcfdfb2ef2fdff5f5acc750b42ba72dad27890656a6265cc3ba5492b8345", "b221cceec7908404a9dede579cf4b2ccbf81c4138b4ed1f75ac7648691580a89", "b2a511db6c037a3e09419e31d1fc61383bb9ec1d5f4714f68a3facbd0af0d302", "b2dd868dcd9b700dc4a6d3d497c45ace713eb4f4a4656ecb6c3bb0efbbb1c53b", "b37701d60e610e5f65585f5a1bfa42914dc497076db61a03cfa27d967276d35a", "b3f86b903ab44daab1b0e6b977b972844c60ad44f4364ec0d9cf56ed40b4fa2b", "b420c3c9e67904927abd7463128389c9b867894b04ad0020f89f9706ffc9e8fa", "b534dfa63cc7dfb7bbeb2729ff5ac9eb220f1bda207423d7c15d00430ef8704e", "b57b6df52cbc7c64114f28ba1921ab2ddccaede0b1571517a7c75df664d8134b", "b587a462ee793b938b416716d350ee9f64d861b48c6de7ec04ac8d9531f3bfe1", "b694e08110eedc8b3c773e014b84f35d1b4e00645e72e1a3a94140bf9fbe84f6", "b6b8062c9776fd9683507ede567a0839e3cccd981fcb0d8fe596ae51ffb49251", "b6f886b3e8f653d30de92bbea54d17bb56ac5349545d171af80418b6b313f819", "b7f2f1d8c59a2379ebb4e7eca0c1274085c8a6acc4b60170f582cc815fe9a496", "b8e1be1a2cd01a22a3f38315ac030818f8af6d238a229c7c2b0c9e25bedf9daf", "b8f4a30bc5c55ed1a0695e415e746ae710998815ae73b1cf3fefd86c2c266058", "bae3a4e85b3b0c6f8a3309f1fc9107090cea654fafa0d09d6e3a135b0e75c9e4", "bfba8f2cbdf14a724a485b657d1934eeef6827e693092a2c54e610031ff85541", "c06bf09e5bd84ed55a3209470407f2ff3e118b7570ef8088c4c14057c18ecf90", "c08f9c54fc78d2d1b2be2e58db5523586650c6400ada5dcd345714f99a356ed1", "c17e9afb86dcdf65c06c5431643b2088aa4f1b6ec9c3e29197c7079858c94ca4", "c2cccdb686fa9389803debed6701f97d9f23c6958cd299a6d6069cfc1e8741c1", "c38d26b98a7981e43bb12404e20064b06500e718779d6830c2f5c436b06c6876", "c4661fc238b71dc722958b73e9a84b000ae14e712cb80ad05b0427904bac0ec8", "c4b5623029559aca4558ae223bccd5bb4000c0e30429c3c876eee35a2b30889d", "c515bff9a8f14cc4a0e0a639f8d9350129fb2bbc3108615c99b1c69733713fd4", "c551a97473d361f317f8d363a35d6ca4885737c4c616f6813816b51ed253a1cd", "c5b62bc7cf70ff47e7c0e978995edc7cd8a6de682a347d87ded49211a537df8c", "c5f51ef0232dbc0fec8389879da57b2c0abe586ff30a52126b912c43ab7347fc", "c632f6bb77306a6f3c834b75c9b1693e88ec22fb9819a23352468aa5d2a666d1", "c662d4391aeca782e3a5d5c4f792ead8ad2a1f34727f783f4695d20a7c952c1a", "c73974b7329becbb7ba93b38a623653a6ae6ee76ab6edd41244979fc44b7e74a", "c9b6e21887cf8d2c1143480d211555446b165cd7c201024918debf4a092f377e", "ca343968b154735df0afcb83f6a2ac53879c2153c321f5ee3d77d969b960724c", "cb64f8df5cd66e1bd8e32e687c21879a74cdb5f3a75ece81f18d95d2c8870e79", "cde4b75b1ee3fdff7e6f9a659164c056aa1fe72a1880be813970421cfd2580ad", "cf20e8b5ea9c71ec516a4d2bbcc75708a56db00d46a865cf86e823fdf5207be8", "cf3df74285d85dcafbac03f4a76fa4d509d30c28480734b6b89da1ee7ff4495a", "d0cdd1d47a1d520e1ecfbe812108d927b65b39720d62695d7db4b5a3bcf61d8a", "d26b9ed327aed0d4c2a1199303d9c1379b6739f6ef9297cee6208e906418f245", "d3d84f830384eeb6359d45803d6ab6f5df757a1fa860da3fad0c7c313ea37bfc", "d459657f3f2500f7a7f4f856af16281544c9abe3627ac1cceb677482ea8fdf6d", "d47d0cb3be129ff411ba6c13e09863a3b7bfe9f598b1404bf42a6129162e8240", "d523b253d010e2936a321e2ffcdc9d7017a491af9231f7cc2143b707c5c580a3", "d56645afea91d6e251b4baf83811b04634e3e97f3776a03772d38b7f0f200362", "d819ced817a97f76c9763038fbbded0a7c26431b8c4db9b191e13c233b9a076d", "db25c2ca198f621cf2892f4445dc8c8b03e2fd636bbce0f9ebcef8afab55316e", "ddad56effe5bc26f6bed8a0a9717e90a3feb57353259c65a0bd140117df47a27", "de9de6a1f2d880c365dfcc3f608e222cd1a76ad14ca48db3626cb2da456c16b0", "dec3aebbf55d86fd6af222dbaa3a2226b1e47d1a3ee12081ac215c562e22b178", "df18c2c869e230afb7631152da465b107defcb6d5a68db3fca5c26e4bd59a9af", "dff7c4673c50bef80efeb54f7c7420f367a6760d6ded2d3f9856d91352f68705", "e0a2fababb59deb1e1fb3558a9804d51c8e9d6e7195e04d47d7a3d1bec9dba9b", "e13693c82ff2f106be6dc6596a9c26103f6e0230dffaf69c3e8d7fb5f2dd5072", "e401df7914fb6127bad9f0bc3f26d0ccb1ac34a9a18c119bc1d6c2bc6de43697", "e7080065af17ddba42ada5bcef33b4614c9b089d876f21d4d8639dd4cbc0242c", "e76d7320269c1257894526671c1682581352436a0809ab433f5f51a14e9c9677", "e77e33a18027c349e30ffd9668a019eb621f6036228750b71b851a817cb650d4", "e98600b132a3ef604689b2b285f92eec8097cbc99a35cf54f05abe5992b86cf6", "ea97dccad86b3a0788f406727864d1e23eab4348606f3e8364a227d70f539687", "eaf4017d771ed5ae0b55a5b61eb9f460e320e19369f17b2ba53eae2b625e7047", "eda174e554b8544d9c35aa77f83a1d7a6ab23feeb936d98df2fb6c8a3f865db3", "edc2aa442d9d908e171fa246a8b6fbc220e44d76ae4c8c2cb256f7c93c21247c", "ede4b87a53e4a84dbe226e3a87a621e2ac438ba1238edc4d4a5a9ace3942c9f2", "ef524c76106fe48a6a6a415be7c50ddb5004cf5773ed46cfe6edcee7b8eeba8c", "ef7fa2486be84dae172eb341f86a657493b1b6f395d52d4ae6676c247a81be0f", "efc465db87d520e9405c1e105e1cbd64517e102ff4a6925ea03dc4c52745c0c5", "f148cc41e993213d6107e797970800e8e87f550a9ac57f8e9cc0345457151576", "f1578e965ca25a7e2e2a4218aec58179af287c5755971e22c50dbaa4e9005c1e", "f2cc2d37d5c0b52f3b37d8a398593224133a92fc8bb01cc8e732e6dd696ff40a", "f3bc6fdafadc78abb66ddf29b98285ac0d242b20ac0126378fbacfba0bc58ea5", "f3d996e2fb22b6e2e4f40e248586a09bdda6d480953dc8b659bf4c4955d6590a", "f44cd95167c93e1c8a9f1ba937f2a239a9f6c0de1b37dc8c8c7ccb7c8378071f", "f5a7732a054a781f2f67eba91ef9951347a1050e5ff1cdc51b62fc64594f45ec", "f6194bfdf8ac62981c5881ba2da461f4b181ccc45838f07a46bb80762a3c3d10", "f647889bf2e517686d83027e90a031198caeb6307617c4c1dbb52e39152dd5c6", "f8a20a93b187f04e30b71b725020bd3e10035508fa39e3010594c0fa07882000", "f8c324961244652f759e5c1c03cd6c3920d51f2a5d87948fdcc63294b5641760", "f8e238894ce5945a04bfa6cf1c5b765234aab612c208b20368350ee5bc7477f9", "fa50513f42a0946709da9ceb34fcf2fd53c08068655e0bd28d62b2d0f564064a", "fa58ef03ca3a1ca894f7ac30ec210c675043de5fa11ddcad306f27a2d76da33e", "fa87bd845cc56471904aac3bf11ed25d4ee1e3a64e8c3266b74af8c9aa543ad4", "fd066104967e98b267b9d984120f5e152eed4aebfc7c9d2f3acdc4821ae7c297", "fd88678a9c621a39959913b74bfbda4152c6620b2a4a01451e58f0ac6a020f74", "fd9c261ce0819e69a8b8785d375ad870167c93ffa1674920bad5fae1e0257640", "ff0bce6c9d01760d13b7ea3fdbd19326e2da775bbdbd9617f9caa3217536f1a1", "ff5a4f5dabf4e47771508f894b2dcd4033748ca4f53b913faf561642b2749560", "ff77b099a37c7012bfb0a5d29f82cac817590f3d1476c6bca28aaab5aea5fa54", "ffb65fe42644823f7081174188119167e9eb1333ac0c4df64e4abc05377c5f22"], "iocs": {"domain": [], "file": [{"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "path": "%TEMP%\\win32hlp.exe.jpg"}, {"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "path": "%APPDATA%\\win32hlp.exe"}], "ip": [{"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "ip": "173[.]192[.]176[.]139"}], "mutex": [{"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "name": "bs_pxy"}], "registry": [{"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "services"}, {"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "services"}, {"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "services"}, {"hashes": ["01a927c98d1a6c4a6b4ec9a07772d16aa2e141c0713f28a9142da88dccd4661c", "01f6f311e250412bbaea712cf20a1bad3d033499d6b9feb1989c09d0d3b52bf5", "029f0cdafcd1e43c80b328a4149b9351f768a26db83aafcc2e679576302571cd", "032fe6ac96f6fb21fd01e2c0c146511f55b7a698f4520b2baa98921bed2192ca", "03c81f2f1bb42eeb694a778e87fd3e5b44cd81f91a2604f45044437490638419", "04149273008ed5b1aef18a5196719295e65ad049481432f5e5628a1de1208082", "044ca0f0a7948140f562cca6dca7177adeb4a740d195f03a870577f7a772299b", "052dd08dd67d615ac889ac38f34619e11f1c397471d2eeac5b9d921006aa193d", "053662d3d28f0490b893404303c9eb8279c59774c54c8a119b56e0dd20500140", "053f3008ebc5891beb7724ef27cf68da91289440de7e59b20f104398fa8288e9", "05da1dffe77ae855f9ce7cb1f3ebc32d9701ba5e28654a04d5700ff4c75d9cb2", "075f636f08c1f017ab277e97a3ae5cd1bce9072f03a5bdaeac7c5500ad390acc", "07c6f9532ac8e9ac978c8a4d344d2cd92212208f8cad3f88d31f06ed89dd1e9e", "0aabbb55d700442b8fc073e529488352830242b18501c1932bb8d01d0ca316e9", "0b10a7c650b7a702f86164af756af70372649e9f071e5dc60d3da73479902df8", "0b52d2766c544cc0c0ef432e4e01a02f04e6d31dbe52f416a6ab962a4bb61f07", "0bd49c63bf53de7d8c6efc3a1756a68041fba3c8e15fccf7266a56f972edc1df", "0cdc5acf471fc39aaea4e1de4b35b97647048a306e19221da5ac479629565051", "0d23312c0f80a322e11a114a700ebb97814d29deed5c90dcbb76f404052ad0b4", "0d8f470ce4a58ab6bff8f30531f2e423b7eb9c835aeb105fcf06c9416fb5a96e", "0ece757c57f02ee83048fa87cd7582427f2fca256231182d0fa7dfb4708cab54", "1027dd8ba0228dc47765f32f6328f3bfde47585b5870ef5e59791ed6667a7419", "10c34e5c3a0aabfee083318141f9452e4cc60cad310a2dfc1a206fc83d5132b6", "1165b40f6d4dac6d2c478553fcaaa541306b8246684108e001618238c4d3abd5", "1291949f551980cd13fd23fe69b5bd5591cc3272345c08c2d1e746eac3f943a9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "services"}]}, "reports_count": 26}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-01-13T14:23:50+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.Lokibot-9982061-1", "Win.Packed.Upatre-9982083-0", "Win.Worm.Vobfus-9982088-0", "Win.Dropper.Remcos-9982549-0", "Win.Dropper.Bifrost-9982192-0", "Win.Trojan.HawkEye-9982173-1", "Win.Dropper.TrickBot-9982207-0", "Win.Packed.DarkComet-9982401-1", "Win.Dropper.Shiz-9982208-0"]}