{"Win.Dropper.DarkKomet-9984290-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7bfb7f8f369004364519394d630587619447f397b1ce95f28984db7aede13982", "e4a1a2cb2e4d98adeb6eb38678de696425c437a42da49d0586028a32e7076bc8", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7bfb7f8f369004364519394d630587619447f397b1ce95f28984db7aede13982", "e4a1a2cb2e4d98adeb6eb38678de696425c437a42da49d0586028a32e7076bc8", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-vm", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7bfb7f8f369004364519394d630587619447f397b1ce95f28984db7aede13982", "e4a1a2cb2e4d98adeb6eb38678de696425c437a42da49d0586028a32e7076bc8", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "memory-execute-readwrite", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-modified", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-hollowing-detected", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "feed-domain-rat", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-fareit-file-activity", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "registry-created-user", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-generic-infostealer", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "created-executable-in-user-dir", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "malware-darkcomet-detected", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": []}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0003"]}, {"bi": "process-check-zone-identifier", "hashes": ["d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "pe-certificate", "hashes": ["ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. ", "hashes": ["06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "7bfb7f8f369004364519394d630587619447f397b1ce95f28984db7aede13982", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "e4a1a2cb2e4d98adeb6eb38678de696425c437a42da49d0586028a32e7076bc8", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82"], "iocs": {"domain": [{"hashes": ["21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82"], "host": "1ntershipping[.]co"}, {"hashes": ["140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282"], "host": "randomlovezs[.]duckdns[.]org"}], "file": [{"hashes": ["140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282"], "path": "%HOMEPATH%\\Documents\\MSDCSC"}, {"hashes": ["140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282"], "path": "%HOMEPATH%\\Documents\\MSDCSC\\msdcsc.exe"}, {"hashes": ["06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0"], "path": "%APPDATA%\\ConfigsEx"}, {"hashes": ["06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0"], "path": "%ProgramData%\\LiveSafe"}, {"hashes": ["06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0"], "path": "%ProgramData%\\LiveSafe\\livesafe.exe"}], "ip": [{"hashes": ["140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282"], "ip": "192[.]169[.]69[.]25"}, {"hashes": ["06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0"], "ip": "5[.]189[.]137[.]8"}], "mutex": [{"hashes": ["140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282"], "name": "DC_MUTEX-U4R2ZE3"}, {"hashes": ["06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0"], "name": "1daec281-87cf-4d12-bf14-b425e26bf9ca"}], "registry": [{"hashes": ["06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528", "140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": ""}, {"hashes": ["21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["21df035a886ce850512c47bfe7eb83cf1c1ab521187894483e9220e06c2fd773", "40511c3a0402ec8b6d90b294ea13f5d83b5f77a2a47c333c01dd231b3588da76", "7d1b8b1631a84926b840cd5b857c8fb4c21af7ed394ac85c4146d464eb413f5d", "97440f7334388258e72995338186e89a40aff17ba1f6fffffdb088d04141f0be", "bfe82fd70f36efa6164bbd42d196381584d661d12c5de6312806100c37042558", "de2673264d41fe0ef2391733223e9b092483f95a34fc0a5fa1acb69a9d29f920", "f211174d53657e1edf965e99c5fdee9f15f91bff3c41c4ceca1bd9b0abc38f82"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MicroUpdate"}, {"hashes": ["140e5bec9612622eb47912cf88cc82fc74e3ef2f0433dbc8a597cc2970b2cc02", "14de0def7ff5d9c43ecbcb207ab56a858fdc083229b30ef816e62e19dbf6b2d0", "30daa7fe12aa0818aa8739ef8dac3cea625a175a27cba68998545ce25fc17c29", "4d09f136f145dbd40513abfda1bc92e7588143ee318a11c5e498995847fb6c12", "a1296eade8e9e99c60155900604c318e6a5dd270495d9fd42ef5144f388ff033", "ecbd53c73ab4c3b0efe1f2e6aaceae13e19006584f615ead12d134d2fe52f282"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "UserInit"}, {"hashes": ["06589ce72d7765cf161dd7efee2daecfe8a85899489a46d207c936af5a025528", "d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf", "ea04019c2556bd95a4d5de9f1688a39af9a09bc83353026223e0d29a2cec81b0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "LiveSafe"}]}, "reports_count": 18}, "Win.Dropper.Fareit-9983571-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-read", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-fareit-file-activity", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "startup-folder-modification", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-created-user", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-generic-infostealer", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "process-hollowing-detected", "hashes": ["37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "The Fareit trojan is primarily an information stealer with functionality to download and install other malware.", "hashes": ["02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "46802ef2d4c318d394572f84218f8bf385edd63699c5fb762aef10fdac0a4878", "4a1371381fe29c6bf17b802e1671c3081687156df7c819fbe7bbe547dc3309a7", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f", "7b4e47a0fd6644dd709535a3fc834dd67ff7b15725310097fdc6185c52d3263d", "85c99a378706ee668d0cd1ce689540c47bfdb4d20ef05e0cff6db8224f351d06", "86aeab31d08fe304cf453e5284719df2bb93c4bbe953f30a340f95f0c1565ffd", "86b604054deed819b415cf0b9205aec58d7d6869b2d6ece99c90c4511dee90c8", "8940fb42531ac085c8eb5f396db6905750e9a158c267ad4545325173d5597640", "8b4299c33c412381cf5958f963131be1bdb376bd3a2e543569f80217a1adbff6", "8ccfac6dec7f459e9e3081d94bcb6136eca1125e07a18dbacf857e3a59294208", "9be08b699bfc84acebcaebef3ea7dff00da015f90d7c72740d5e808b1cc60607", "9c87b5506a11013b5fd3ea7e687d4bfc5629444ed66d49eb94a61a3066f01fa0", "a22633a9d66c44c15cd808f99f1c09a010a23d3681e7217ef6a8364675e266ab", "b3a650d9285aa1b2cde0965d83b5c5547958ec562cfe6021af61fc84f147c6a7", "bc03c2981b8044cd6fa2a528ef3975b7dd34753ff145d73ff86d312e19cae4f1", "bfbb44298cd3ed830cb38381f31bed5eca8c6fa6de90227625d22aaa7267ded0", "c03990a9d79700eddbca270c27a5e7a063eaef56da915e13bb7fa2cd385867ea", "c132475f9dbfa83b805f14d01c4b73101949879bcee6166a26981179dc260b8a", "c843bda9b571667c149e7fcfc6d4cc90c2b53695c0e17d74dbe12a9098a85cde", "c9e553877c56a0d3c4b2b8042397e3893bc22155baf12fab9c5ac9d25c3a7fc0", "cbff6d5d9dd39952900e89fe4c08ecdbd530ea64e63152a278c2c19d8439193d", "cf60b27c286f31065a0e935cbd96c18aa3131784de6ea767f977cc13e634634c", "cfc40238bcd21b2338047bbd04e6eeb0f78e6d543a10062c3b8ddcf0ccaa8792", "d5516322b517d505130449c12728e9998d86b81b1edc7b8bcea7d92283979e76", "d74e6d6fa3d6fc3379b0ba4b94bd8006dd1cf52d4f6e82d6939fc783b0352d53", "da29c4f5cd3e70aecc0de1931f2142d8486b2af54fb944dbbc6d6654de42d2e2", "ddd5734f8a6247a4f31a4893d1a993bcfd30a31b4318c9c0e77555e990c9c211", "e1146397f94c1b75b4a86f9a8534fa8ead69b8381704488ac118c4a07d5bb60f", "e561dacf1fe36f570475628528052abe9d08d3f000e09bb0107e0de9c84ca767", "e6aaf7d9cc71aab2758bc3a6b5b4f369994527b5a72c26fb2a572de119945f4d", "e836ee1411c8bc331ffb8cf6b46a686b86ac23f0615fea1427463eb82929a394", "fb4adb9b89055b9911281864ad51348f7bf718b472c2f65fd5dffbd8cd9aa3ac", "fe752eae5463835356519ec47d0df124338871b2c27b8deca631ade8839ef94d"], "iocs": {"domain": [], "file": [{"hashes": ["02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\filename.vbe"}, {"hashes": ["02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f"], "path": "%APPDATA%\\subfolder"}, {"hashes": ["02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f"], "path": "%APPDATA%\\subfolder\\filename.scr"}], "ip": [], "mutex": [], "registry": [{"hashes": ["02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["02c648162f41e0ec54b1787c99bb274b484adeeaecbc99554fcd4428a276406e", "07ace7fc4681b7d16fd6a76364cbb679b4447128b77123424c788058659e07e2", "0864a6c576429f1d5cb4a9529b016903bd8e368ae3c11527ef421e566b6b37ec", "0aaad800dbe8242fdc236b0d12cc3f0fade9c7d9ac02d2fc872f60075ec4dfa0", "143bee6fde9b3dee4f91e16e6925b6254848d9958f0c34ae1b8a5e7b444e8d63", "14eea17e15d2dd0092935ec71c98269ff4fe492eb6534b3c6baca1f48ea7376d", "15b459fd340458d8eaa5269296f9cfcccc3a3540942ef17f47637a73d59acc0a", "17704079963b83eb8a4aa50af808aa3f2facc1eaba7708b6715504806db95a64", "276fc674e4f232e25a17a67e53a98050265ec64a7698ad9bf56d3cc31ae0a732", "2acfbc4bb180b60e8b257795e5b66e51e3ceae0550a2187703d15dd929471673", "2c23d82a3f45947ef677c2a2a73d1900b27dc7a5b11c0e2464ad6270671c864c", "32a1ae5db46aeae9898d6c83a752d028b08e59b86f17c19e0d12287a5d42c857", "37a85828e7c787657ec66752d73db2ebcb85040b0fe9df689bb18067a304f954", "44bda2acfe872846b11d129916e66a5c158308266bbb2c5b4b659ae040bc6726", "4b837e51f59054694d52f242ebc18a12a4ecf5080a5d7858032f7f968377ccca", "50b7ce25bf5591612540b416e12022f3284ea2de470eec1aa7759e9c0aa3469f", "5dd087571c55d345f926cbaee71f752052881f44f99e7712e491fa2ad349933c", "695aba9d911967937babbe5dbcf038ea43d67290959fbcc199cd1cac0f437ba0", "698540018cbc00b2136dcb4951190309375b01498265db094549593e9f335aed", "6e02c443b09119b78fce3ca1340f8bbf25380ba485f7fab41f3bd7d3bddc3fe6", "70fb6ede7c66ae618cf6a2414d6e954926a9a83097607de52101f89e6606587e", "721968ba560a6e1d4def705be4279c5520a90015de5a08c1022448255d3d398e", "78f0cb383a71dd77a716fbe97052969ef11fc0fb4420dfad541d5e36a356f39f"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}]}, "reports_count": 25}, "Win.Dropper.HawkEye-9983397-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-communications-smtp", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot-v2", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-vault-api", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "pe-uses-visual-basic", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-known-trojan-av", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "listening-port-opened", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-http-blank-user-agent", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "http-response-redirect", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "startup-folder-modification", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "compiler-vbc-run", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-hawkeye-detected", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "startup-folder-vbs-file", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-generic-infostealer", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "network-opendns-malicious", "hashes": ["4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "network-dns-category-phishing", "hashes": ["4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "process-hollowing-detected", "hashes": ["1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.", "hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "iocs": {"domain": [{"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "host": "whatismyipaddress[.]com"}, {"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "host": "mail[.]yourstudyway[.]com"}], "file": [{"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "path": "%APPDATA%\\subfolder"}, {"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "path": "%APPDATA%\\subfolder\\filename.exe"}, {"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\filename.vbs"}], "ip": [{"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "ip": "27[.]121[.]68[.]109"}, {"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f"], "ip": "104[.]16[.]154[.]36"}, {"hashes": ["1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "ip": "104[.]16[.]155[.]36"}], "mutex": [], "registry": [{"hashes": ["00452dc6f78541178d6d024b47d0f4f928b17a9f14e770ebf0da15d87325737b", "1b583b41491e0c21eec87a0c150c234b5567906a42bd1b61ab1adb39e5b99efa", "1ea1014f69c680fcb2e23c10d56941508d7024bf04780b51e1f8d59bc45d2d87", "202ce3acdc22c7ad0761a03cdf5e15d593a4b0f6490815cc20dfed407b667f86", "22280734efa0e527d7517fec07479a955d5cc70128558ace13489311f3aae2fa", "3c04cad716a78717ddb48470b954ab6bce9feecdb3adc7a74dee8ecb9b62b3a4", "4aece62cf34ce60c1f16d75140f47bc21bfcaf48da5a6f9eca0e48a43ff5b6d4", "64b20ed5668241744570462e85987d91671fee3e0a94ca1546b68dd59df95997", "873645150140fc2f57e2e205d6b5e7d5b45fc35099d75eebe4b9a0989b98df0e", "89afbd7a372ee58c23edc29814c6faceeba8f7a9d82c0632a054577a491e748a", "8f10e57f73fc6f805908a3b36244ca92639500b5d08af601defd78498ec02b9c", "aa264abc70a1d7eaf196bc83155a3764f5408b78e470f7bfa2fc3e81d60ee133", "c9d2b04de15964130afc80e4a41c7f71da8425302f6aa7297c7b0fad2cf09205", "f50240e0f888e5e17cabc3d088c04f2de75ef5b8acd20e3551fcc0dc26c3407f", "fe619680c0acc53af4ea30910cdc3bead472206ebe3c5eb040e11d4cbea07b4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}]}, "reports_count": 15}, "Win.Dropper.Nanocore-9984085-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "a28e0e11818bc375921d1d2a07a3128b4db509eb5a1340ebb6d8eeaf7c875707", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "a28e0e11818bc375921d1d2a07a3128b4db509eb5a1340ebb6d8eeaf7c875707", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "a28e0e11818bc375921d1d2a07a3128b4db509eb5a1340ebb6d8eeaf7c875707", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "modified-file-in-user-dir", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-created-vbs", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "startup-folder-vbs-file", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-uses-dot-net", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": []}, {"bi": "process-check-zone-identifier", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "schtask-forcefully-created", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["a28e0e11818bc375921d1d2a07a3128b4db509eb5a1340ebb6d8eeaf7c875707", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-fast-flux-domain", "hashes": ["c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "pe-encrypted-section", "hashes": ["2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11", "0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-agent-tesla-filepath-detected", "hashes": ["843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0009", "TA0006", "T1123", "T1125", "T1056"]}, {"bi": "malware-generic-infostealer", "hashes": ["843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "regasm-network-connection", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-communications-http-get", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-communications-smtp", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "process-created-executable-autorun", "hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "dns-query-nxdomain", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-dns-category-dynamic", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c"], "mitre_attack_tags": []}, {"bi": "dns-bypassed-assigned-server", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "pe-invalid-certificate-signature", "hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "dns-public-server-contacted", "hashes": ["c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-snort-policy", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-sample-duplication", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "modified-file-on-usb", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "excessive-file-modifications", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": []}, {"bi": "recycler-file-creation", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": []}, {"bi": "recycler-exe-artifact", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-executable-in-program-dir", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-phobos-mutex", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": []}, {"bi": "recycler-exe-creation", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-deletes-many-files", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "mitre_attack_tags": ["TA0005", "T1564"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Nanocore is a .NET remote access trojan. Its source code has been leaked several times, making it widely available. Like other RATs, it allows full control of the system, including recording video and audio, stealing passwords, downloading files and recording keystrokes.", "hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "843d2082b0ecfbfc99780647e82e5575e0371a2bef4ae06ca45e1afa559acc1a", "88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "a28e0e11818bc375921d1d2a07a3128b4db509eb5a1340ebb6d8eeaf7c875707", "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "iocs": {"domain": [{"hashes": ["9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3"], "host": "bright1[.]awsmppl[.]com"}, {"hashes": ["9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3"], "host": "brightgee[.]phatbois[.]biz"}, {"hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "host": "checkip[.]amazonaws[.]com"}, {"hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "host": "smtp[.]yandex[.]com"}, {"hashes": ["c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "host": "ml[.]warzonedns[.]com"}, {"hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db"], "host": "epiccard[.]tech"}, {"hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c"], "host": "sarlelhassan[.]ddns[.]net"}, {"hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c"], "host": "stevesteves001[.]warzonedns[.]com"}], "file": [{"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ensptrbyxaelazb.vbs"}, {"hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "path": "%APPDATA%\\hbmwcjzrpp"}, {"hashes": ["6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "path": "%APPDATA%\\hbmwcjzrpp\\ensptrbyxaelazb.exe"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\zmpesqpigdgyqtc.vbs"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "path": "%APPDATA%\\hqwhhfunce"}, {"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e"], "path": "%APPDATA%\\hqwhhfunce\\zmpesqpigdgyqtc.exe"}, {"hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "path": "%APPDATA%\\MyApp\\MyApp.exe"}, {"hashes": ["9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ncynfkdiseoqyjq.vbs"}, {"hashes": ["9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3"], "path": "%APPDATA%\\gjqcrsyeiz\\ncynfkdiseoqyjq.exe"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\desktop.ini.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "path": "%TEMP%\\638094733462004000_0e17d79b-46a9-4d98-a066-dda3308efeb0.db"}, {"hashes": ["c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "path": "%APPDATA%\\lpupw5gp.0lp.zip"}, {"hashes": ["c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "path": "%APPDATA%\\lpupw5gp.0lp\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\sosikeuywehiylb.vbs"}, {"hashes": ["c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "path": "%APPDATA%\\ubrwzdoiby\\sosikeuywehiylb.exe"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\1033\\Mso Example Intl Setup File A.txt.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\1033\\Mso Example Intl Setup File B.txt.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\AUTHZAX.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\BCSLaunch.dll.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\Custom.propdesc.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\IEAWSDC.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\MSOHEV.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\MSOHEVI.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\MSOHTMED.EXE.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\Mso Example Setup File A.txt.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\NAMEEXT.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\NPAUTHZ.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\OLKFSTUB.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\ONBttnIE.dll.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\ONLNTCOMLIB.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\URLREDIR.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\VISSHE.DLL.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\Microsoft Office\\Office14\\VisioCustom.propdesc.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramFiles%\\desktop.ini.id[98B68E3C-2275].[recovermyfiles2019@thesecure.biz].Adame"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%LOCALAPPDATA%\\b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88.exe"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%ProgramData%\\microsoft\\windows\\start menu\\programs\\startup\\b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88.exe"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "path": "%APPDATA%\\microsoft\\windows\\start menu\\programs\\startup\\b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88.exe"}], "ip": [{"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce"], "ip": "173[.]254[.]223[.]94"}, {"hashes": ["9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "ip": "64[.]32[.]8[.]67"}, {"hashes": ["9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3"], "ip": "35[.]205[.]61[.]67"}, {"hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "ip": "77[.]88[.]21[.]158"}, {"hashes": ["c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3"], "ip": "185[.]107[.]56[.]58"}, {"hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c"], "ip": "37[.]235[.]1[.]177"}, {"hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c"], "ip": "37[.]235[.]1[.]174"}, {"hashes": ["ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "ip": "185[.]19[.]85[.]183"}, {"hashes": ["c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "ip": "64[.]32[.]8[.]68"}, {"hashes": ["c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "ip": "185[.]107[.]56[.]60"}, {"hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1"], "ip": "52[.]23[.]46[.]39"}, {"hashes": ["23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "ip": "185[.]157[.]161[.]147"}, {"hashes": ["c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "ip": "185[.]107[.]56[.]57"}, {"hashes": ["c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "ip": "35[.]169[.]217[.]142"}], "mutex": [{"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce"], "name": "Global\\{6eacccb2-da40-404e-ba3f-9cf2cb842104}"}, {"hashes": ["9ca16e853d60c67a4d6c379ce90d1a0492b28efc15ce89867a696937ddedd125", "c873f96e97877322dab3712e7e32e652a5e7901c1fe41fa65cff80380bd39b52", "ecb34493e0db3c2cbf6602e183732f43cc1af8b6572244ed8aa2eb18f1de8bf3"], "name": "-"}, {"hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "name": "Global\\<<BID>>98B68E3C00000000"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "name": "Global\\<<BID>>98B68E3C00000001"}, {"hashes": ["c8dae9c8a95d171ce5520f7d1d8fc089cb06cb6cc238e63dc7b2ed0214855cd6"], "name": "Global\\{2de2dd5e-5799-4adf-b77b-aaae77ba7236}"}, {"hashes": ["769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c"], "name": "Global\\{217c10cb-4875-422a-a6ac-cae34e8afb0c}"}, {"hashes": ["23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "name": "f8a1hk9am3adue2674aue"}, {"hashes": ["ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "name": "Global\\{d26f97e8-1d06-44a6-abc2-219db996fe51}"}], "registry": [{"hashes": ["0aa0cbcf28aba3c9ea66255d21568dc834aee97f68d1071e7cc49c167e5f4430", "2348735813c9d79c4723a890b64468f68b448594574b9a70db7a6b9afe1bbb10", "6a0dc109135a2a858cddc2b65387d3ad8d67ffc9325440c70eb1bc83f3ba9ef9", "769a82395d916954845a5dbcce1783e30b50a35e9249081494dfdd8acb05f67c", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f", "ebf129df20c2e7fc5eeb1c67a0d3184e5f0c022a52368be4a9ea06fe3341c57e", "f7a704fbd592324b3a2ea2d316db30463c47fe1c0c2039dbc13901a2ab9519ce", "ff9a714c790ccd7c31eb5abb568dc79c9553ff3d99ac84050a62b0feebb6cb11"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5", "88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db", "cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["1f73eb2dc88a5a499b95c95463428181c82612361c38490b9a749d5e6dd410a1", "c277448c9e5e8699e9d25258fe07632cc150515afc96a4ac160781552b52460b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MyApp"}, {"hashes": ["23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\.NET CLR DATA\\LINKAGE", "value_name": "Export"}, {"hashes": ["23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\.NET CLR NETWORKING\\LINKAGE", "value_name": "Export"}, {"hashes": ["23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\.NET DATA PROVIDER FOR ORACLE\\LINKAGE", "value_name": "Export"}, {"hashes": ["23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\.NET DATA PROVIDER FOR SQLSERVER\\LINKAGE", "value_name": "Export"}, {"hashes": ["23064f9a8ba30be479e5890ec13b654d539098844e9c4a16409dbd4a015513c5"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\CRYPTOGRAPHY\\AUTOENROLLMENT", "value_name": null}, {"hashes": ["cd7ba4950c05210f3ce55da9466bd531319998be31ecbdab01df806d254ca64f"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "@C:\\Windows\\system32\\DeviceCenter.dll,-2000"}, {"hashes": ["88fc092603ca33d605af12e8c9722ae65801377dc5703a1fd9041c046c0ef5db"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "@explorer.exe,-7001"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"}, {"hashes": ["b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b729dc2de3a09245553725e76a1d5da45456d6be6edf6a6c6b4ce0e922895d88"}]}, "reports_count": 19}, "Win.Dropper.QuasarRAT-9983512-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "pe-uses-dot-net", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "hosts-file-modification", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "feed-domain-modified-host-file", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "js-contains-massive-strings", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-iframe-no-space", "hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "modified-file-in-user-dir", "hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "js-uses-fromcharcode", "hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-excessive-javascript-function-declaration", "hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "html-login-php", "hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "js-tostring-method-detected", "hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "html-page-not-found", "hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": []}, {"bi": "js-uses-encrypt-decrypt", "hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41", "19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-server", "hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "QuasarRAT is a .NET remote access trojan. It is an open source RAT providing threat actors a plethora of functionalities, including the standard features such as remote shell, file management, arbitrary command execution and credential stealing.", "hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "iocs": {"domain": [{"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "www[.]bing[.]com"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "www[.]instagram[.]com"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "www[.]youtube[.]com"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "www[.]facebook[.]com"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "m[.]facebook[.]com"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "r20swj13mr[.]microsoft[.]com"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "www[.]eklinkk[.]net"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "www[.]eneskeles[.]net"}, {"hashes": ["53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "fonts[.]googleapis[.]com"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "static[.]cdninstagram[.]com"}, {"hashes": ["53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "host": "i[.]ytimg[.]com"}, {"hashes": ["53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487"], "host": "accounts[.]google[.]com"}, {"hashes": ["53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487"], "host": "fonts[.]gstatic[.]com"}], "file": [{"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "path": "%System32%\\drivers\\etc\\hosts"}], "ip": [{"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "ip": "31[.]13[.]65[.]36"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "ip": "31[.]13[.]65[.]174"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "ip": "157[.]240[.]241[.]63"}, {"hashes": ["53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "ip": "142[.]250[.]65[.]202"}, {"hashes": ["53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487"], "ip": "142[.]250[.]80[.]99"}, {"hashes": ["53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487"], "ip": "142[.]251[.]40[.]205"}, {"hashes": ["99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "ip": "142[.]250[.]176[.]206"}, {"hashes": ["ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487"], "ip": "172[.]217[.]165[.]150"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0"], "ip": "142[.]250[.]64[.]78"}, {"hashes": ["e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487"], "ip": "142[.]250[.]80[.]14"}, {"hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604"], "ip": "142[.]250[.]81[.]238"}, {"hashes": ["ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a"], "ip": "142[.]251[.]32[.]110"}, {"hashes": ["6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728"], "ip": "142[.]250[.]65[.]238"}, {"hashes": ["c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1"], "ip": "142[.]250[.]65[.]234"}, {"hashes": ["53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599"], "ip": "142[.]251[.]35[.]174"}, {"hashes": ["c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1"], "ip": "142[.]251[.]40[.]142"}, {"hashes": ["ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af"], "ip": "142[.]251[.]40[.]110"}, {"hashes": ["c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1"], "ip": "142[.]251[.]40[.]214"}, {"hashes": ["53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599"], "ip": "142[.]250[.]65[.]246"}, {"hashes": ["ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604"], "ip": "142[.]250[.]65[.]182"}], "mutex": [], "registry": [{"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES\\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}", "value_name": "FaviconPath"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES\\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}", "value_name": "Deleted"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES", "value_name": "DefaultScope"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["19efdda9ec1232653d64ad9f6d3d8813904ddd9995df3e697e49ae4f267622b0", "53b741a52f88d7e0f01dd4f5bcffac6882668922a45ecb1bc2e7275778afd599", "6a625df2a22684ec5c95df37818afc44ca1d7aca39e8011b7c0287c369588728", "99f9e4ecd9882db1a05327c07481941e8a4ce22dfdef90c15e9d200d9c79cbdd", "ae8220d48eb72043bdfc4fd965fce63a668cdd281553c6a93aaf574af554881a", "c37ff695876f126cc4f6b627a54f2a0bfd68983243b87d8e078143609c26f6a1", "ceecc1833d5bd98f7377e20514c3574e5e7baa11462fb952be29b2d7d2be10af", "ceeddc45a3e52e50445abfd568287edf87649fa4e94d75d3a4533a7396ae1604", "e237afed733f19fb87d226904faa1f6b13a9279db2970aa9821bd7ba03a61487", "f707db5c91e9f1e70effecb99ae6d8101cb2343779df3b06eba56311bde64a41"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXT\\STATS\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}", "value_name": null}]}, "reports_count": 10}, "Win.Dropper.Shiz-9983394-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-dns-category-parked-domain", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-dns-upload-file", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-dns-category-cnc", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0011"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "pe-imports-toolhelp", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-redirect", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "html-js-uses-eval", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "malware-shiz-mutex-detected", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": []}, {"bi": "html-excessive-javascript-function-declaration", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "html-login-php", "hashes": ["6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.", "hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08", "fb5653559e83a8b84202c215ac22fac731d2a80e0f6d8f9c6b474c02dc2556ec"], "iocs": {"domain": [{"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "dikymezosaj[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "cileretirus[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "fogixezajaq[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "gadohyzyvah[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "nofoletezup[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "masafytunux[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "jepepyxiwam[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "qetyrypopup[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "lymoxuxelam[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "lysenenyxis[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "tupycegubej[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "xutulenuqix[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "purijygirem[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "dimasyhageh[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "ciqofymosip[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "vonerymekix[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "novubymyvip[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "fobyqyhezem[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "gacucuhumeg[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "maxilumiriz[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "jelojujopen[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "qekafuqafit[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "ryhyruqeliz[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "kejepujajeg[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "tufibiqunit[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "lygumujycen[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "xudoxijiwef[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "pupoliqotul[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "citahikodab[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "direfiwahur[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "vowypikelaf[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "foqurowyxul[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "nomimokubab[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "ganovowuqur[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "mavaxokitad[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "rylupalyxad[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "jecekorosuk[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "lykiwaryvuk[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "kezydorekuw[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "pufexalopas[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "qexeholagav[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "xugavariruq[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "disugezejac[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "norowetunuj[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "cidykatafuj[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "fotitezycas[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "vopudetezuq[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "gaqaneziwoc[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "jenyzexodop[.]eu"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "host": "kevigyxelox[.]eu"}], "file": [{"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "path": "%TEMP%\\<random, matching [A-F0-9]{1,4}>.tmp"}], "ip": [{"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "ip": "85[.]94[.]194[.]169"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e"], "ip": "45[.]56[.]79[.]23"}, {"hashes": ["091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8"], "ip": "198[.]58[.]118[.]167"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "ip": "45[.]33[.]2[.]79"}, {"hashes": ["0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e"], "ip": "173[.]255[.]194[.]134"}, {"hashes": ["091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e"], "ip": "45[.]79[.]19[.]196"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a"], "ip": "45[.]33[.]18[.]44"}, {"hashes": ["4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841"], "ip": "45[.]33[.]20[.]235"}, {"hashes": ["0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179"], "ip": "45[.]33[.]30[.]197"}, {"hashes": ["446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a"], "ip": "72[.]14[.]178[.]174"}, {"hashes": ["1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b"], "ip": "96[.]126[.]123[.]244"}, {"hashes": ["342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "ip": "72[.]14[.]185[.]43"}, {"hashes": ["7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2"], "ip": "45[.]33[.]23[.]183"}], "mutex": [{"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "name": "Global\\674972E3a"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "name": "Global\\MicrosoftSysenterGate7"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "name": "internal_wutex_0x000004b4"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "name": "internal_wutex_0x0000043c"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "name": "internal_wutex_0x000004dc"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "name": "internal_wutex_0x<random, matching [0-9a-f]{8}>"}], "registry": [{"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT", "value_name": "67497551a"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "98b68e3c"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "userinit"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "System"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "load"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "run"}, {"hashes": ["08a7b276706517d28c3885c812f89b57549af4be14fe07059fc6f4651625f091", "091f71db383670a6815d3f57e5075000fc6fd016bc4823be5e7ae16bb53267a9", "0d7c8955acc824a085be5d45102c510212ca6c5f4df5fad897ee2d5923d34a1f", "14b6836f41d60a28868dc0fcd758b7a23b86a9d7b5f08fc463de6ed950a737d1", "1cc720425d2994b10536284c18e4a9e255ee5ea7ba21e6e6cafaf00310207a80", "342e45c1360a96d5b87847db6b3c85ef79bfda78c9f53a67a15424df91d78554", "4056a5fa6b1b28126a3ffbeb4d8a2a046ed8017e49ab1941c64bb913dc9a6ace", "446ea4991b5630082258be07dc8fc7ac4297f89a4de7b63fcf2e09937f0ed298", "4d923330bfbba1410ba2e553ac6da20068c2714fc9405a76b64a35e5a5f3db14", "54f5f3b8f9310dfee013917c10d88dff4c524aa406e758c067e6ded17840834f", "55704fcf179904208e18ae3000599ae04869d57530fbb388f8e6aa37353e344c", "593d96413956b2ac7f3ac3cc7b9d5b106c480f8aa587789c48c77f43e15dccb3", "6da3c0667c67bb53ada30dfc2fa6dac45ee5b56197515d0c083ea155a893730f", "7781a10e637ee035b26e363c178fbcf9e07d30a32444b50b00c715376388f6e2", "856b831b3f7ada0bb31ade63f755c35f7f4f381a956956052fff69e8119815ee", "8b9781057d5595fee84b6c45830ecb83fc0f261d6d9ba73b066f3c4b9c7f2c88", "bcb55a2df28a554fa12c514979c2080cb4244ee171686b8f910ce70a7f1f513e", "be38aa13642e482adcf749e2cea5507e7942255e1b31c7c455c356dea793189f", "c74083c017fd115c3319f21234010c73650be020a95818b18aaca1b5902d73d8", "cadc40ac3e45eafe1977416e6bc4dd159ba74dd4becf5e177cdc6be9906c388e", "e4be229930351810431bc7c946fe36242e6e9f4c753578585c64fa1aebc09179", "eb95741a6ee9008efada291453ae1343a66d0eaa868b5554b6741d3d2a0dbd1a", "ebfe801ee7ba2cfaa5b89359dff445569ec7883064d1bfa9f2a6cfb5394fe841", "eda4243c382593841fa5ee68b3ecf0c4d307a1b1cd01f6081bdf93373383a19b", "f0165180238c73a0fcdb1f9ec4142a3d98054a613373d1e67ce22dcbe53c7b08"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "userinit"}]}, "reports_count": 25}, "Win.Virus.Xpiro-9983832-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-dot-net", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "pe-imports-toolhelp", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-service-type-modified", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "registry-disable-windefender", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-xpiro-mutex", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "script-contains-url", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "js-uses-fromcharcode", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-uses-eval", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-massive-strings", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "browser-firefox-extension", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0003", "T1176"]}, {"bi": "js-tostring-method-detected", "hashes": ["58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579"], "mitre_attack_tags": ["TA0007", "TA0009", "T1120", "T1025"]}, {"bi": "process-with-multiple-children", "hashes": ["6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f"], "mitre_attack_tags": ["TA0005"]}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "iocs": {"domain": [], "file": [{"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\DW20.EXE"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwtrig20.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ose.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\setup.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%CommonProgramFiles(x86)%\\microsoft shared\\Source Engine\\OSE.EXE"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Office14\\GROOVE.EXE"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%ProgramFiles(x86)%\\Mozilla Maintenance Service\\maintenanceservice.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.log"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Registration\\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{33EC2C09-9668-4DE7-BCC0-EFC69D7355D7}.crmlog"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\SysWOW64\\dllhost.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\SysWOW64\\msiexec.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\SysWOW64\\svchost.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\ngen_service.log"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\SysWOW64\\dllhost.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\SysWOW64\\msiexec.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\SysWOW64\\svchost.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\ngenservicelock.dat"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.lock"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngenservicelock.dat"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\DW20.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwtrig20.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ose.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\setup.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\chrome"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\chrome.manifest"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\chrome\\content"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\chrome\\content.jar"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\components"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\components\\red.js"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\extensions\\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\\install.rdf"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%CommonProgramFiles(x86)%\\microsoft shared\\source engine\\ose.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%ProgramFiles(x86)%\\microsoft office\\office14\\groove.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%ProgramFiles(x86)%\\mozilla maintenance service\\maintenanceservice.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\microsoft.net\\framework\\v2.0.50727\\mscorsvw.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%ProgramFiles%\\7-Zip\\Uninstall.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%ProgramFiles%\\7-Zip\\Uninstall.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\ngenofflinequeuelock.dat"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Microsoft.NET\\ngenservice_pri1_lock.dat"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\Registration\\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1E2868C5-19BC-4956-A61F-7A8769A242F1}.crmlog"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\SysWOW64\\cmd.vir"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%SystemRoot%\\SysWOW64\\cmd.exe"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "path": "%ProgramData%\\Mozilla\\logs\\maintenanceservice.log"}], "ip": [], "mutex": [{"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx67"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx68"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx69"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx70"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx71"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx72"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx73"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx74"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx75"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx76"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx77"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx78"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx79"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx80"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx81"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx82"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx83"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx84"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx85"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx86"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx87"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx88"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx89"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx90"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx91"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx92"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx93"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx94"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx95"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx96"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx97"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx98"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx99"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "gazavat-svc"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx31"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx32"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx33"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx34"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx35"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx36"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx37"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx38"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx39"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx30"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx28"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx29"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx26"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx27"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "kkq-vx_mtx25"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "name": "gazavat-svc_25"}], "registry": [{"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Type"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Type"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Start"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Type"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Start"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Type"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Start"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Type"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MSISERVER", "value_name": "Start"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Type"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Start"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": null}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER\\SVC\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "EnableNotifications"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Start"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\AELOOKUPSVC", "value_name": "Type"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\AELOOKUPSVC", "value_name": "Start"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\STATE", "value_name": "AccumulatedWaitIdleTime"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\LISTENEDSTATE", "value_name": "RootstoreDirty"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["14a816eca397542177be1b013a8550463aaada0e544428d833d79d247b918a04", "4d4b1301cdc29373b5fdaa0b961117b4ea230f3182ff1033a50b75cb33cb6737", "58e289ed1bec0909bd490687c84bc81a754050028894cad20e045ea684106f87", "63ef0e482f77540abbadc761522c8175d7e6f4b50a9932b0a98763f05916d913", "6ac332b34addca8a68fc3808e412bd094202cdae8b1f7f381931541030d1aca0", "9b8f4ffb5c45eab8a4b1d2ddf7dca2d0e3c3a11cb9ff989ad78b18891ba4267b", "9e32c538f726a4dd30284cbe9427fbc3bd8daef548fddd35b9a0c1947028cba1", "b15b22c579087019a0bca33bd562bda64716b53854d1068024ecc2fd7db6a215", "b22d2e2f2850a578b83ab80b99f3c712395bd53b4d605f14396bbdb910089b3f", "b752731598528ea613850e0ad96c81ae76c9be21e6ab5b44928ce384910d0579", "c7fc0618631d7a46cd16ed17a0edf1ea25dd9d3766536ffb35aa74c0b2cae931"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}]}, "reports_count": 11}, "Xls.Exploit.LokiBot-9983602-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6", "cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5", "0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "document-contains-vba-macro", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6", "cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5", "0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0002", "TA0001", "T1559", "T1566"]}, {"bi": "memory-execute-readwrite", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6", "0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "document-direct-ip-traffic", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6", "0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "document-uses-content-obfuscation", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6", "0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "document-password-protected-internal", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6", "0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-malware", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "malware-cve-2017-11882", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0002", "T1203"]}, {"bi": "network-http-numeric-ip", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-get", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "document-network-get-exe", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "eqnedt32-network-connection", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-executable", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "document-exe-dropped", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0002", "T1559"]}, {"bi": "network-downloaded-executable", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "eqnedt32-child-process", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0005"]}, {"bi": "compiler-vbc-run", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-encrypted-section", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "network-downloaded-executed-from", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "windows-vault-api", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-read", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "pe-header-linker-major", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-dot-net", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "document-network-traffic", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": ["TA0011"]}, {"bi": "feed-domain-document-network-traffic", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-future", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "document-public-iplookup", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "document-single-page", "hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "document-app-whitelist-bypass", "hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": ["TA0005"]}, {"bi": "http-response-client-error", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "malware-lokibot-user-agent-detected", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "mitre_attack_tags": []}, {"bi": "artifact-nullsoft-installer", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "mitre_attack_tags": ["TA0002", "TA0008"]}, {"bi": "document-contains-hidden-sheet", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "network-snort-file-generic", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": []}, {"bi": "html-page-not-found", "hashes": ["cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "mitre_attack_tags": []}, {"bi": "pe-imports-empty", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": []}, {"bi": "network-dns-doc-network-traffic", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "feed-domain-rat", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": []}, {"bi": "network-dns-category-phishing", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "network-dns-category-cnc", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": ["TA0011"]}, {"bi": "pe-uses-heavens-gate", "hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "nginx-webserver-detected", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": []}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "windows-util-ipconfig", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-explorer-process", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-requested-file-external-drive", "hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "vba-document-open", "hashes": ["cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "wmi-process-create", "hashes": ["cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5"], "mitre_attack_tags": ["TA0005", "TA0002", "T1047"]}, {"bi": "document-wmi-process-create", "hashes": ["cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5"], "mitre_attack_tags": ["TA0005"]}, {"bi": "vba-document-com-object", "hashes": ["cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "vba-document-calls-shell", "hashes": ["cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "vba-document-uses-hidden-setting", "hashes": ["cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "vba-document-create-process-wmi", "hashes": ["cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "document-fault-report-file-created", "hashes": ["57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "document-crash-dump-file-created", "hashes": ["57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}, {"bi": "document-crash-detected", "hashes": ["57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "mitre_attack_tags": []}], "category": "Exploit", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "e9cc07ddb10a26b208e51efee6c59ad06a1adb66c955cd0f532cbc82c74a4017", "f40b18fabbc45279e4a7f98721218cbc563c51656add63e43c7a634921d87513", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6", "fc73ecd3478a064482d3627a82e6296b87e8475d2cdba000ded33ce1025110b6"], "iocs": {"domain": [{"hashes": ["067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d"], "host": "api[.]ipify[.]org"}, {"hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "host": "sempersim[.]su"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]sqlite[.]org"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]asiadesign[.]xyz"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]easy005[.]xyz"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]terratechpower[.]com"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]porpubby[.]info"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]glaaforum[.]com"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]barefootcalzado[.]com"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]bullcute[.]com"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]hameaudeguzon[.]com"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]allosteriacarpi[.]com"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]brasil24horas[.]online"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "host": "www[.]hf9blwwuwpx7j8k[.]live"}], "file": [{"hashes": ["067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "path": "%PUBLIC%\\vbc.exe"}, {"hashes": ["067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "path": "%TEMP%\\ns<random, matching '[a-z][A-F0-9]{1,4}'>.tmp"}, {"hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "path": "\\Users"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "path": "%TEMP%\\sqlite3.dll"}, {"hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "path": "%TEMP%\\CVRDF9.tmp"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "path": "%SystemRoot%\\resources\\0409"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "path": "%TEMP%\\sqlite3.def"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "path": "%TEMP%\\nsxF2D0.tmp\\System.dll"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "path": "%APPDATA%\\Spisebordets170"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "path": "%APPDATA%\\Spisebordets170\\Tiltvingende"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "path": "%APPDATA%\\Spisebordets170\\Tiltvingende\\ArtDeco_brown_5.bmp"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "path": "%APPDATA%\\Spisebordets170\\Tiltvingende\\Hemmeligheden.Aqu"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "path": "%APPDATA%\\Spisebordets170\\Tiltvingende\\Unsaluting.Str"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "path": "%TEMP%\\nstD558.tmp\\System.dll"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Hematachometry"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Hematachometry\\Optimumets127"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Hematachometry\\Optimumets127\\Thermomultiplier"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Hematachometry\\Optimumets127\\Thermomultiplier\\Fejekoste"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Hematachometry\\Optimumets127\\Thermomultiplier\\Fejekoste\\Amidoacetic.Int"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Hematachometry\\Optimumets127\\Thermomultiplier\\Fejekoste\\System.Text.Encodings.Web.dll"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Hematachometry\\Optimumets127\\Thermomultiplier\\Fejekoste\\media-playlist-repeat.png"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "path": "%TEMP%\\mv1lgp.zip"}, {"hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "path": "%TEMP%\\kgrgorzytt.exe"}, {"hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "path": "%TEMP%\\kzsdrs.m"}, {"hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "path": "%TEMP%\\ufazibt.pwf"}], "ip": [{"hashes": ["067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e"], "ip": "192[.]3[.]136[.]186"}, {"hashes": ["067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d"], "ip": "3[.]232[.]242[.]170"}, {"hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e"], "ip": "52[.]20[.]78[.]240"}, {"hashes": ["93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f"], "ip": "3[.]220[.]57[.]224"}, {"hashes": ["3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "ip": "208[.]67[.]105[.]148"}, {"hashes": ["3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "ip": "103[.]232[.]54[.]143"}, {"hashes": ["afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d"], "ip": "104[.]168[.]45[.]102"}, {"hashes": ["10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "ip": "185[.]216[.]71[.]172"}, {"hashes": ["0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71"], "ip": "103[.]167[.]85[.]164"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "91[.]195[.]240[.]94"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "85[.]159[.]66[.]93"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "216[.]18[.]208[.]202"}, {"hashes": ["07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6"], "ip": "208[.]67[.]105[.]161"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "45[.]33[.]6[.]223"}, {"hashes": ["cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87"], "ip": "198[.]23[.]188[.]145"}, {"hashes": ["86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019"], "ip": "198[.]46[.]178[.]174"}, {"hashes": ["07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6"], "ip": "103[.]139[.]44[.]52"}, {"hashes": ["b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d"], "ip": "193[.]222[.]62[.]4"}, {"hashes": ["f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6"], "ip": "192[.]3[.]101[.]26"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "ip": "103[.]171[.]0[.]73"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "175[.]41[.]16[.]124"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "154[.]204[.]248[.]137"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "199[.]192[.]23[.]224"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "164[.]155[.]185[.]152"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "145[.]14[.]156[.]167"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "109[.]234[.]161[.]118"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "207[.]60[.]25[.]186"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "ip": "103[.]232[.]53[.]228"}, {"hashes": ["400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca"], "ip": "103[.]147[.]184[.]98"}, {"hashes": ["8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0"], "ip": "103[.]125[.]190[.]35"}, {"hashes": ["80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd"], "ip": "172[.]245[.]142[.]57"}, {"hashes": ["7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd"], "ip": "23[.]95[.]122[.]232"}, {"hashes": ["0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7"], "ip": "103[.]167[.]85[.]122"}, {"hashes": ["57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "ip": "45[.]88[.]67[.]187"}], "mutex": [{"hashes": ["0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6"], "name": "Local\\10MU_ACB10_S-1-5-5-0-67863"}, {"hashes": ["0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6"], "name": "Local\\10MU_ACBPIDS_S-1-5-5-0-67863"}, {"hashes": ["07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb"], "name": ""}, {"hashes": ["067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0"], "name": "irLbieSUCc"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "name": "8M65-UPTBHT-1F5Z"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "name": "8L30N9RRD4TG20Lz"}, {"hashes": ["a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d"], "name": "gsVeqYyojcjHvs"}, {"hashes": ["afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f"], "name": "qtHAQcA"}, {"hashes": ["c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e"], "name": "tKywdBwKac"}], "registry": [{"hashes": ["0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\EQUATION EDITOR", "value_name": null}, {"hashes": ["0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\EQUATION EDITOR\\3.0", "value_name": null}, {"hashes": ["0096e380996a5c8896055aa0543c3f51bbebd5c1ea8178da1d67691a975cdbf7", "067c2a2f4c8344f55cae9cc1c6ba03324a4cc99ae5facd672d100c71f64233e0", "07417c9975e6ada913ab62a1338ea1df45800d5eca0c73de33d1f53a72973bc6", "0fa75b407da549a4c7e144216a5970b1c3803c74e57ebf433257c0d4381f34db", "10cd2aa23f0117fb286aba9f6a6ecbf7c467071881763d18c570574eed5b3dc8", "2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90", "3e8d8210b9d681c89f5df122c1598d4117b0c1843b706f7525039b5ba37f96af", "400e675021818214d2779c38b2d77b457ef9956518cd812b53bc7f41ca228bca", "57e5341a8009432af3aa5b4246eabb8774d292db8a245106fc045c4f36e5cddb", "7b34fede01164a6602eccc2e71a58535a8e484562fe634c82fcf87256f951bcd", "80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd", "8126aa90f564c1662d9b42b333a7b0fe7489770c8b5069997b8dc5577ded2bc0", "86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019", "93a71008a2294209a986d896b26e8bcff214afc6923323687c9281919c033a91", "9d6fcf6155af47fbacddd1f7feb457dc919f1ee29f3d28cc30f3c9c437ee516a", "a7225665972f421022ded04315aa75f15cda747e12dbd82130b1a8e87c9d062d", "afa915e7174b5c3da177ea2bc6573248a00d173dfe8f2ff8e7667557a3bf699f", "b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc", "b7062983e7667a1b86c1bd1123bc3aac29b7a8200b079c9bc4b566dd1c7ee44d", "c2745c75eefa6867cce4cc61d89d306810370e0958a550d039c5935e7012de71", "c9ebabe61d9c25500298ac578ba280ebb1b78fd2da07f32a82c44f1c11c3453e", "cc77dde534b4aa329ecf543351157ca8c9ee43730de6dbef2673d1f63f225f87", "e7582ee773f6857a3f18e76453beefc46912089372f3b12bdd6e5735a3a3536d", "e89082a08c246ba8e4bffb9ddb127a2ee24cef652e4b0a8772ad22d376a82eb7", "f78831910ab0538997847b99a58cc10e0dd87d3223f6c31b15478634d77203d6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\EQUATION EDITOR\\3.0\\OPTIONS", "value_name": null}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\INTELLIFORMS\\STORAGE2", "value_name": null}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX", "value_name": null}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX\\20.0.1 (EN-US)\\MAIN", "value_name": null}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA THUNDERBIRD", "value_name": null}, {"hashes": ["cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\CALC", "value_name": null}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}", "value_name": null}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\\ENUM", "value_name": null}, {"hashes": ["cd0a74e966577953be0ea3d89be7467057d1356f5a8fc0f95a472fe938ca7ff5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\CALC", "value_name": "Window_Placement"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\SADDELTAGENE", "value_name": null}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "key": "<HKCU>\\SOFTWARE\\STANLEY", "value_name": null}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "key": "<HKCU>\\SOFTWARE\\STANLEY\\MUSTELA", "value_name": null}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "key": "<HKCU>\\SOFTWARE\\STANLEY\\MUSTELA\\MEMORANDIZE", "value_name": null}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "key": "<HKCU>\\SOFTWARE\\KOMPOSTER", "value_name": null}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "key": "<HKCU>\\SOFTWARE\\KOMPOSTER\\MYTHUS", "value_name": null}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\SADDELTAGENE", "value_name": "Anabata"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "key": "<HKCU>\\SOFTWARE\\STANLEY\\MUSTELA\\MEMORANDIZE", "value_name": "Hannss"}, {"hashes": ["2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90"], "key": "<HKCU>\\SOFTWARE\\KOMPOSTER\\MYTHUS", "value_name": "Udlbsdatos"}, {"hashes": ["b66c265b35372a58775ab68db5392014be36b745f4647df6c3da1c0a7aab82fc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\\ENUM", "value_name": "Implementing"}]}, "reports_count": 26}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-01-20T14:39:09+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Virus.Xpiro-9983832-1", "Xls.Exploit.LokiBot-9983602-0", "Win.Dropper.Fareit-9983571-1", "Win.Dropper.HawkEye-9983397-0", "Win.Dropper.Shiz-9983394-0", "Win.Dropper.DarkKomet-9984290-0", "Win.Dropper.Nanocore-9984085-0", "Win.Dropper.QuasarRAT-9983512-0"]}