{"Win.Dropper.Bifrost-9985293-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-empty", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-paragraphs", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-no-dos", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "pe-header-numofsymbols", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-sizeofoptionalheader", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-invalid-checksum", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-suspicious-corrupt", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "malware-ufr-mutex-detected", "hashes": ["52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "dns-dynamic-domain", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "file-ini-modified", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca"], "mitre_attack_tags": ["TA0003"]}, {"bi": "pe-vb-imports-toolhelp", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-resource-lang-romanian", "hashes": ["73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-dns-safe-categories", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-chat-program-information", "hashes": ["52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-vpn-program-information", "hashes": ["52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "http-response-redirect", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-xtreme-rat-default-mutex-detected", "hashes": ["7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "feed-domain-rat", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0"], "mitre_attack_tags": []}, {"bi": "dns-public-server-contacted", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "malware-dropper-andromeda-gamarue", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-query-nxdomain", "hashes": ["df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-svchost-misspell", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "malware-misspell-binary", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "malware-cybergate-rat", "hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "windows-util-attrib-hide", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-darkcomet-detected", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "mitre_attack_tags": []}, {"bi": "file-attribute-modification", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "disables-windows-firewall", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-bat-file", "hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-communications-smtp", "hashes": ["c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-filename-mismatch", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-resource-lang-russian", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": []}, {"bi": "embedded-pe-resource2", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": []}, {"bi": "process-inno-path-detected", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0002", "TA0008"]}, {"bi": "artifact-flagged-inno-setup", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "mitre_attack_tags": ["TA0002", "TA0008"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-uses-autoit", "hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "nginx-webserver-detected", "hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "url-forced-download-prompt", "hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-explorer-process", "hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. Bifrost uses a mutex that may be named \"Bif1234\" or \"Tr0gBot\" to mark its presence on the system.", "hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4", "32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd"], "iocs": {"domain": [{"hashes": ["6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a"], "host": "5noseqwa[.]no-ip[.]info"}, {"hashes": ["df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd"], "host": "ftp[.]vlakkeeetert[.]hol[.]es"}, {"hashes": ["a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "host": "f4n6[.]hut4[.]ru"}, {"hashes": ["c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671"], "host": "smtp[.]mail[.]ru"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "host": "www[.]server[.]com"}, {"hashes": ["7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "host": "ati2evxx[.]sytes[.]net"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "host": "x1[.]i[.]lencr[.]org"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "host": "kiwa[.]no-ip[.]org"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "host": "lolzor2h[.]zapto[.]org"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "host": "jalagui[.]no-ip[.]org"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "host": "www[.]webserver[.]com"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "host": "exploreinquiry[.]com"}], "file": [{"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd"], "path": "\\TEMP\\ufr_reports"}, {"hashes": ["32ac27ab6cd0654430449b0624a744169e2d0cc6769192fd79599e1ab6717632", "73d73c1a9f1e4494f550597a9d2438a79ebd900914c8b0851164aea5f1cb688e", "ca566fce1a39c24dd34479446524eac96d5e43634134e9e7616d2a18d5fba5ca"], "path": "%TEMP%\\tmp.ini"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).cfg"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).dat"}, {"hashes": ["a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "path": "%ProgramData%\\Local Settings"}, {"hashes": ["a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "path": "%ProgramData%\\Local Settings\\Temp"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "path": "%SystemRoot%\\InstallDir"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "path": "%SystemRoot%\\InstallDir\\Server.exe"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "path": "%TEMP%\\Administrator7"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "path": "%TEMP%\\Administrator8"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "path": "%TEMP%\\Administrator2.txt"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "path": "%TEMP%\\x.html"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "path": "\\directory"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "path": "\\directory\\CyberGate"}, {"hashes": ["eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f"], "path": "%APPDATA%\\addon.dat"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "path": "%APPDATA%\\Administratorlog.dat"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "path": "%HOMEPATH%\\Documents\\MSDCSC"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "path": "%HOMEPATH%\\Documents\\MSDCSC\\msdcsc.exe"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "\\TEMP\\ufr_reports\\NO_PWDS_report_25-01-2023_02-45-25-726A6BBD-JDGK.bin"}, {"hashes": ["52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48"], "path": "\\TEMP\\ufr_reports\\NO_PWDS_report_25-01-2023_02-43-24-726A6BBD-AIAB.bin"}, {"hashes": ["c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "path": "%ProgramData%\\Local Settings\\Temp\\mswxle.bat"}, {"hashes": ["a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0"], "path": "%ProgramData%\\Local Settings\\Temp\\mswqmnvv.exe"}, {"hashes": ["c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671"], "path": "%TEMP%\\report_25-01-2023_02-44-14-726A6BBD-FDGN.bin"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\isendsms_setup.exe"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\report_25-01-2023_02-45-25-726A6BBD-JDGK.bin"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\NO_PWDS_report_25-01-2023_02-45-25-726A6BBD-JDGK.bin"}, {"hashes": ["52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48"], "path": "%TEMP%\\report_25-01-2023_02-43-24-726A6BBD-AIAB.bin"}, {"hashes": ["52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48"], "path": "%TEMP%\\NO_PWDS_report_25-01-2023_02-43-24-726A6BBD-AIAB.bin"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\is-QIVN2.tmp"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\is-QIVN2.tmp\\isendsms_setup.tmp"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "path": "\\crack1.exe"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\is-5NTA1.tmp"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\is-5NTA1.tmp\\_isetup"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\is-5NTA1.tmp\\_isetup\\_RegDLL.tmp"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\is-5NTA1.tmp\\_isetup\\_setup64.tmp"}, {"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd"], "path": "%TEMP%\\is-5NTA1.tmp\\_isetup\\_shfoldr.dll"}, {"hashes": ["c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671"], "path": "%TEMP%\\NO_PWDS_report_25-01-2023_02-44-14-726A6BBD-FDGN.bin"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "path": "%APPDATA%\\Microsoft\\Windows\\CJSXz.cfg"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "path": "%APPDATA%\\Microsoft\\Windows\\CJSXz.dat"}, {"hashes": ["7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "path": "%SystemRoot%\\SysWOW64\\igfxtr.exe"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "path": "\\directory\\CyberGate\\WinDir"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "path": "\\directory\\CyberGate\\WinDir\\Svchost.exe"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}], "ip": [{"hashes": ["a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "ip": "20[.]72[.]235[.]82"}, {"hashes": ["a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "ip": "146[.]185[.]235[.]245"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "ip": "52[.]8[.]126[.]80"}, {"hashes": ["c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671"], "ip": "217[.]69[.]139[.]160"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "ip": "208[.]91[.]196[.]46"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "ip": "104[.]96[.]229[.]149"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "ip": "199[.]191[.]50[.]166"}, {"hashes": ["975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3"], "ip": "31[.]170[.]164[.]19"}], "mutex": [{"hashes": ["0309e6c7cd2a73721e6956af2ec340c948bc5009450f76c9337ded167e60cfbd", "52fe24425eb3e6248e59fd959ce1956e09d1cbb65809f63706f0f9170ea0eb48", "975d3f301392e173335b801f6a12e3a7556ba00c2984a968ca033a44e69610c3", "c2014131fcee489c7e1c4a943237bd89dfeb5ba2ab1216ff89cfb202b00e2671", "df05799c88e4cb5cbc2661b83e286d3247fa682dae330e6932c52a1d661935cb", "f5e2cf6885a62fad9a6488a8487e0490e5892bfac0dddeff515ba97b2b86d2cd"], "name": "UFR3"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "name": "XTREMEUPDATE"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "name": "((Mutex))"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "name": "((Mutex))PERSIST"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "name": "((Mutex))EXIT"}, {"hashes": ["a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "name": "2562100796"}, {"hashes": ["a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "name": "lol"}, {"hashes": ["6946be08c392001c142ad89213ff0860f3f3eac188b30c877e10783d435334ba", "b1da9aaa33886f2d103540ffd831f46d5f97280eca05f8013e277579cfd0051a"], "name": "CWSPROT20S"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "name": "Administrator1"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "name": "Administrator4"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "name": "Administrator5"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "name": "DCPERSFWBP"}, {"hashes": ["eaf65d454e9ba165ada208f4482a760f0cdf23b15aa94022aa9617bf03609f2f"], "name": "Bif123"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "name": "CJSXz"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "name": "DC_MUTEX-3MWQJGB"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "name": "FR725I0U8LRK05"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "name": "FR725I0U8LRK05_PERSIST"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "name": "FR725I0U8LRK05_SAIR"}], "registry": [{"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8", "49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCU"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d", "a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": null}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": null}, {"hashes": ["4c1986ea7e1ecea980fad59a62ddbf472bc2d7344c923332fd48f41dc6fbbe48", "5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "@C:\\Windows\\system32\\DeviceCenter.dll,-2000"}, {"hashes": ["a6ab70d56a50d8446028ec0fef89bbde4e4a5784fd8a471b50392c0230d88fb0", "c1504e3f1b761540498a0fde42e462c0b20676502981ce84aa41049550159aab"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "36412"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": "ServerStarted"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": "StubPath"}, {"hashes": ["5c86c8c3bad2edd4174675a5dbab131d9b84ca5e5325431d2fa91d1c22292afa", "7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": "InstalledServer"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "key": "<HKCU>\\SOFTWARE\\CYBER", "value_name": "NewIdentification"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "key": "<HKCU>\\SOFTWARE\\CYBER", "value_name": "NewGroup"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MicroUpdate"}, {"hashes": ["26dfd674facde0f957bb4ed81e7cea4dae37114ced4d59c491d86bfc667d5dc4"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "UserInit"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "key": "<HKCU>\\SOFTWARE\\CYBER", "value_name": null}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "key": "<HKCU>\\SOFTWARE\\CJSXZ", "value_name": null}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{05ACO487-3Q28-LSLC-XN56-108QEJS54A88}", "value_name": null}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "key": "<HKCU>\\SOFTWARE\\CJSXZ", "value_name": "ServerStarted"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{05ACO487-3Q28-LSLC-XN56-108QEJS54A88}", "value_name": "StubPath"}, {"hashes": ["3596f41561adf0d6eeb205b7414e17993f20da0590a28d2a4c94d984fd327fa8"], "key": "<HKCU>\\SOFTWARE\\CJSXZ", "value_name": "InstalledServer"}, {"hashes": ["7d2f5afc77e09d02b604cbdbfb5b33941914296966306761478609a23cd3a14e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "igfxtray"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4LBN0RF5-70X3-A25H-S60L-53512VDGJ3UW}", "value_name": null}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4LBN0RF5-70X3-A25H-S60L-53512VDGJ3UW}", "value_name": "StubPath"}, {"hashes": ["49704324bbf8ffde957586c01cc85d45a970458d2697fe34f381d7cb82d7f88d"], "key": "<HKCU>\\SOFTWARE\\CYBER", "value_name": "FirstExecution"}]}, "reports_count": 20}, "Win.Dropper.HawkEye-9984948-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77", "60355c9d953b39905ec1d23237cc8339b2e1ffe0eb29bc8028dde75bddedd8db", "235bdaa330b9305eb30b08c8e63e28d318bcdb640e87e2bac1f77caf643e2494", "4370bb6226f36558266a224de5ebb1582208f82bafdf9f2e2617a5cdace9d377", "d28b60289c250c1a5a2661dd4a57839cfa3e273f5ef5b068624ff99a2ccc2b65", "b66a4c2e0b22011ba409167c9bb663997b180a35f50fbe124bc0439403d65e74", "255a56ac4fda1184eabc21cca66983c70bd795c99851802595441c5151e4a152", "a6f20cc5f0a34adf5ac4582936e5407e48397db18847afa6ea3068c707cc40dd", "a3f5688c1f1d5473722fd4a6ae84be5c4f8235db2789fd1e77929cfbb026078a", "7628f72251de0d74df47361bb228fc34abdc121212d6da40936052a5215054e6", "b30e4856fd0b7adacf553023314db78e88638cd6ee9a14f2f0b8e3dad8fff98c", "549887b9e8e1ffe1e95a31a287c61ca265dd864b886034c22e4bf12bedb5ac91", "9143f2fe92b76f3a42dbeddccb738a397e2d07e5060046a367ed6c1a2c543dd4", "178319c41b50d3b78e36d6ac9105b81cbbe74375ce13b271e3ede79222f83854", "e21e57541123a49fdfde9912b959fda0bdf5c5fb951094a44bda3fed61ee0c06", "a41cf4f43bdf0ca8bd515799702f62a1ff811d898f823d1c0225422a54376607", "e0ee8c2858064cf3eb1bb7a467aa07e9804255570d7b6e25ddfe927cef2d83f8", "a1d8085822a839d8e4f5078584dadc2221738309dbb6e386deb60c4cb8685d90", "06572f2182ef9dfaf3b8c7d2e025a18a2f4529fb989ad41fd54e17c3532aac0b", "3af54f2049dbc175ef4c589aa376141586711dd724617ed87e0a5bc7f1e431c0", "71b210336d2277a498c150e99ddfb99750b8e481fb6dd0d647b7be571c2629f1", "2ba523bc65c1f954e3f45324986840c5a910b4cd6d992d4bc228cbb86def8e98", "d49278e577526a1839a13cb7066aabf02ea2d59cc7bb1c922404270cab602c1b", "508708e5f5ab169299334434b17fc926d7972b9cc601e0f588ec979a6fb67f4a", "de4afe7e3fe9fc07edbf818ef66a0534844a9daf92d843b3402d67946222637e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77", "60355c9d953b39905ec1d23237cc8339b2e1ffe0eb29bc8028dde75bddedd8db", "235bdaa330b9305eb30b08c8e63e28d318bcdb640e87e2bac1f77caf643e2494", "4370bb6226f36558266a224de5ebb1582208f82bafdf9f2e2617a5cdace9d377", "d28b60289c250c1a5a2661dd4a57839cfa3e273f5ef5b068624ff99a2ccc2b65", "b66a4c2e0b22011ba409167c9bb663997b180a35f50fbe124bc0439403d65e74", "255a56ac4fda1184eabc21cca66983c70bd795c99851802595441c5151e4a152", "a6f20cc5f0a34adf5ac4582936e5407e48397db18847afa6ea3068c707cc40dd", "a3f5688c1f1d5473722fd4a6ae84be5c4f8235db2789fd1e77929cfbb026078a", "7628f72251de0d74df47361bb228fc34abdc121212d6da40936052a5215054e6", "b30e4856fd0b7adacf553023314db78e88638cd6ee9a14f2f0b8e3dad8fff98c", "549887b9e8e1ffe1e95a31a287c61ca265dd864b886034c22e4bf12bedb5ac91", "9143f2fe92b76f3a42dbeddccb738a397e2d07e5060046a367ed6c1a2c543dd4", "178319c41b50d3b78e36d6ac9105b81cbbe74375ce13b271e3ede79222f83854", "e21e57541123a49fdfde9912b959fda0bdf5c5fb951094a44bda3fed61ee0c06", "a41cf4f43bdf0ca8bd515799702f62a1ff811d898f823d1c0225422a54376607", "e0ee8c2858064cf3eb1bb7a467aa07e9804255570d7b6e25ddfe927cef2d83f8", "a1d8085822a839d8e4f5078584dadc2221738309dbb6e386deb60c4cb8685d90", "06572f2182ef9dfaf3b8c7d2e025a18a2f4529fb989ad41fd54e17c3532aac0b", "3af54f2049dbc175ef4c589aa376141586711dd724617ed87e0a5bc7f1e431c0", "71b210336d2277a498c150e99ddfb99750b8e481fb6dd0d647b7be571c2629f1", "2ba523bc65c1f954e3f45324986840c5a910b4cd6d992d4bc228cbb86def8e98", "d49278e577526a1839a13cb7066aabf02ea2d59cc7bb1c922404270cab602c1b", "508708e5f5ab169299334434b17fc926d7972b9cc601e0f588ec979a6fb67f4a", "de4afe7e3fe9fc07edbf818ef66a0534844a9daf92d843b3402d67946222637e"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77", "60355c9d953b39905ec1d23237cc8339b2e1ffe0eb29bc8028dde75bddedd8db", "235bdaa330b9305eb30b08c8e63e28d318bcdb640e87e2bac1f77caf643e2494", "4370bb6226f36558266a224de5ebb1582208f82bafdf9f2e2617a5cdace9d377", "d28b60289c250c1a5a2661dd4a57839cfa3e273f5ef5b068624ff99a2ccc2b65", "b66a4c2e0b22011ba409167c9bb663997b180a35f50fbe124bc0439403d65e74", "255a56ac4fda1184eabc21cca66983c70bd795c99851802595441c5151e4a152", "a6f20cc5f0a34adf5ac4582936e5407e48397db18847afa6ea3068c707cc40dd", "a3f5688c1f1d5473722fd4a6ae84be5c4f8235db2789fd1e77929cfbb026078a", "7628f72251de0d74df47361bb228fc34abdc121212d6da40936052a5215054e6", "b30e4856fd0b7adacf553023314db78e88638cd6ee9a14f2f0b8e3dad8fff98c", "549887b9e8e1ffe1e95a31a287c61ca265dd864b886034c22e4bf12bedb5ac91", "9143f2fe92b76f3a42dbeddccb738a397e2d07e5060046a367ed6c1a2c543dd4", "178319c41b50d3b78e36d6ac9105b81cbbe74375ce13b271e3ede79222f83854", "e21e57541123a49fdfde9912b959fda0bdf5c5fb951094a44bda3fed61ee0c06", "a41cf4f43bdf0ca8bd515799702f62a1ff811d898f823d1c0225422a54376607", "e0ee8c2858064cf3eb1bb7a467aa07e9804255570d7b6e25ddfe927cef2d83f8", "a1d8085822a839d8e4f5078584dadc2221738309dbb6e386deb60c4cb8685d90", "06572f2182ef9dfaf3b8c7d2e025a18a2f4529fb989ad41fd54e17c3532aac0b", "3af54f2049dbc175ef4c589aa376141586711dd724617ed87e0a5bc7f1e431c0", "71b210336d2277a498c150e99ddfb99750b8e481fb6dd0d647b7be571c2629f1", "2ba523bc65c1f954e3f45324986840c5a910b4cd6d992d4bc228cbb86def8e98", "d49278e577526a1839a13cb7066aabf02ea2d59cc7bb1c922404270cab602c1b", "508708e5f5ab169299334434b17fc926d7972b9cc601e0f588ec979a6fb67f4a", "de4afe7e3fe9fc07edbf818ef66a0534844a9daf92d843b3402d67946222637e"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-tls-callback", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77", "60355c9d953b39905ec1d23237cc8339b2e1ffe0eb29bc8028dde75bddedd8db", "235bdaa330b9305eb30b08c8e63e28d318bcdb640e87e2bac1f77caf643e2494", "4370bb6226f36558266a224de5ebb1582208f82bafdf9f2e2617a5cdace9d377", "d28b60289c250c1a5a2661dd4a57839cfa3e273f5ef5b068624ff99a2ccc2b65", "b66a4c2e0b22011ba409167c9bb663997b180a35f50fbe124bc0439403d65e74", "255a56ac4fda1184eabc21cca66983c70bd795c99851802595441c5151e4a152", "a6f20cc5f0a34adf5ac4582936e5407e48397db18847afa6ea3068c707cc40dd", "a3f5688c1f1d5473722fd4a6ae84be5c4f8235db2789fd1e77929cfbb026078a", "7628f72251de0d74df47361bb228fc34abdc121212d6da40936052a5215054e6", "b30e4856fd0b7adacf553023314db78e88638cd6ee9a14f2f0b8e3dad8fff98c", "549887b9e8e1ffe1e95a31a287c61ca265dd864b886034c22e4bf12bedb5ac91", "9143f2fe92b76f3a42dbeddccb738a397e2d07e5060046a367ed6c1a2c543dd4", "178319c41b50d3b78e36d6ac9105b81cbbe74375ce13b271e3ede79222f83854", "e21e57541123a49fdfde9912b959fda0bdf5c5fb951094a44bda3fed61ee0c06", "a41cf4f43bdf0ca8bd515799702f62a1ff811d898f823d1c0225422a54376607", "e0ee8c2858064cf3eb1bb7a467aa07e9804255570d7b6e25ddfe927cef2d83f8", "a1d8085822a839d8e4f5078584dadc2221738309dbb6e386deb60c4cb8685d90", "06572f2182ef9dfaf3b8c7d2e025a18a2f4529fb989ad41fd54e17c3532aac0b", "3af54f2049dbc175ef4c589aa376141586711dd724617ed87e0a5bc7f1e431c0", "71b210336d2277a498c150e99ddfb99750b8e481fb6dd0d647b7be571c2629f1", "2ba523bc65c1f954e3f45324986840c5a910b4cd6d992d4bc228cbb86def8e98", "d49278e577526a1839a13cb7066aabf02ea2d59cc7bb1c922404270cab602c1b", "508708e5f5ab169299334434b17fc926d7972b9cc601e0f588ec979a6fb67f4a", "de4afe7e3fe9fc07edbf818ef66a0534844a9daf92d843b3402d67946222637e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77", "60355c9d953b39905ec1d23237cc8339b2e1ffe0eb29bc8028dde75bddedd8db", "235bdaa330b9305eb30b08c8e63e28d318bcdb640e87e2bac1f77caf643e2494", "4370bb6226f36558266a224de5ebb1582208f82bafdf9f2e2617a5cdace9d377", "d28b60289c250c1a5a2661dd4a57839cfa3e273f5ef5b068624ff99a2ccc2b65", "b66a4c2e0b22011ba409167c9bb663997b180a35f50fbe124bc0439403d65e74", "255a56ac4fda1184eabc21cca66983c70bd795c99851802595441c5151e4a152", "a6f20cc5f0a34adf5ac4582936e5407e48397db18847afa6ea3068c707cc40dd", "a3f5688c1f1d5473722fd4a6ae84be5c4f8235db2789fd1e77929cfbb026078a", "7628f72251de0d74df47361bb228fc34abdc121212d6da40936052a5215054e6", "b30e4856fd0b7adacf553023314db78e88638cd6ee9a14f2f0b8e3dad8fff98c", "549887b9e8e1ffe1e95a31a287c61ca265dd864b886034c22e4bf12bedb5ac91", "9143f2fe92b76f3a42dbeddccb738a397e2d07e5060046a367ed6c1a2c543dd4", "178319c41b50d3b78e36d6ac9105b81cbbe74375ce13b271e3ede79222f83854", "e21e57541123a49fdfde9912b959fda0bdf5c5fb951094a44bda3fed61ee0c06", "a41cf4f43bdf0ca8bd515799702f62a1ff811d898f823d1c0225422a54376607", "e0ee8c2858064cf3eb1bb7a467aa07e9804255570d7b6e25ddfe927cef2d83f8", "a1d8085822a839d8e4f5078584dadc2221738309dbb6e386deb60c4cb8685d90", "06572f2182ef9dfaf3b8c7d2e025a18a2f4529fb989ad41fd54e17c3532aac0b", "3af54f2049dbc175ef4c589aa376141586711dd724617ed87e0a5bc7f1e431c0", "71b210336d2277a498c150e99ddfb99750b8e481fb6dd0d647b7be571c2629f1", "2ba523bc65c1f954e3f45324986840c5a910b4cd6d992d4bc228cbb86def8e98", "d49278e577526a1839a13cb7066aabf02ea2d59cc7bb1c922404270cab602c1b", "508708e5f5ab169299334434b17fc926d7972b9cc601e0f588ec979a6fb67f4a", "de4afe7e3fe9fc07edbf818ef66a0534844a9daf92d843b3402d67946222637e"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77", "60355c9d953b39905ec1d23237cc8339b2e1ffe0eb29bc8028dde75bddedd8db", "235bdaa330b9305eb30b08c8e63e28d318bcdb640e87e2bac1f77caf643e2494", "4370bb6226f36558266a224de5ebb1582208f82bafdf9f2e2617a5cdace9d377", "d28b60289c250c1a5a2661dd4a57839cfa3e273f5ef5b068624ff99a2ccc2b65", "b66a4c2e0b22011ba409167c9bb663997b180a35f50fbe124bc0439403d65e74", "255a56ac4fda1184eabc21cca66983c70bd795c99851802595441c5151e4a152", "a6f20cc5f0a34adf5ac4582936e5407e48397db18847afa6ea3068c707cc40dd", "a3f5688c1f1d5473722fd4a6ae84be5c4f8235db2789fd1e77929cfbb026078a", "7628f72251de0d74df47361bb228fc34abdc121212d6da40936052a5215054e6", "b30e4856fd0b7adacf553023314db78e88638cd6ee9a14f2f0b8e3dad8fff98c", "549887b9e8e1ffe1e95a31a287c61ca265dd864b886034c22e4bf12bedb5ac91", "9143f2fe92b76f3a42dbeddccb738a397e2d07e5060046a367ed6c1a2c543dd4", "178319c41b50d3b78e36d6ac9105b81cbbe74375ce13b271e3ede79222f83854", "e21e57541123a49fdfde9912b959fda0bdf5c5fb951094a44bda3fed61ee0c06", "a41cf4f43bdf0ca8bd515799702f62a1ff811d898f823d1c0225422a54376607", "e0ee8c2858064cf3eb1bb7a467aa07e9804255570d7b6e25ddfe927cef2d83f8", "a1d8085822a839d8e4f5078584dadc2221738309dbb6e386deb60c4cb8685d90", "06572f2182ef9dfaf3b8c7d2e025a18a2f4529fb989ad41fd54e17c3532aac0b", "3af54f2049dbc175ef4c589aa376141586711dd724617ed87e0a5bc7f1e431c0", "71b210336d2277a498c150e99ddfb99750b8e481fb6dd0d647b7be571c2629f1", "2ba523bc65c1f954e3f45324986840c5a910b4cd6d992d4bc228cbb86def8e98", "d49278e577526a1839a13cb7066aabf02ea2d59cc7bb1c922404270cab602c1b", "508708e5f5ab169299334434b17fc926d7972b9cc601e0f588ec979a6fb67f4a", "de4afe7e3fe9fc07edbf818ef66a0534844a9daf92d843b3402d67946222637e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-encrypted-section", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77", "60355c9d953b39905ec1d23237cc8339b2e1ffe0eb29bc8028dde75bddedd8db", "235bdaa330b9305eb30b08c8e63e28d318bcdb640e87e2bac1f77caf643e2494", "4370bb6226f36558266a224de5ebb1582208f82bafdf9f2e2617a5cdace9d377", "d28b60289c250c1a5a2661dd4a57839cfa3e273f5ef5b068624ff99a2ccc2b65", "b66a4c2e0b22011ba409167c9bb663997b180a35f50fbe124bc0439403d65e74", "255a56ac4fda1184eabc21cca66983c70bd795c99851802595441c5151e4a152", "a6f20cc5f0a34adf5ac4582936e5407e48397db18847afa6ea3068c707cc40dd", "a3f5688c1f1d5473722fd4a6ae84be5c4f8235db2789fd1e77929cfbb026078a", "e21e57541123a49fdfde9912b959fda0bdf5c5fb951094a44bda3fed61ee0c06", "a41cf4f43bdf0ca8bd515799702f62a1ff811d898f823d1c0225422a54376607", "3af54f2049dbc175ef4c589aa376141586711dd724617ed87e0a5bc7f1e431c0", "d49278e577526a1839a13cb7066aabf02ea2d59cc7bb1c922404270cab602c1b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-communications-smtp", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-vault-api", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-known-trojan-av", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "listening-port-opened", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-http-blank-user-agent", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-key-modified", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "compiler-vbc-run", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-hawkeye-detected", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": []}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "malware-generic-infostealer", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "created-executable-sample-appdata", "hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "mitre_attack_tags": ["TA0005", "T1564"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.", "hashes": ["06572f2182ef9dfaf3b8c7d2e025a18a2f4529fb989ad41fd54e17c3532aac0b", "178319c41b50d3b78e36d6ac9105b81cbbe74375ce13b271e3ede79222f83854", "234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77", "235bdaa330b9305eb30b08c8e63e28d318bcdb640e87e2bac1f77caf643e2494", "255a56ac4fda1184eabc21cca66983c70bd795c99851802595441c5151e4a152", "2ba523bc65c1f954e3f45324986840c5a910b4cd6d992d4bc228cbb86def8e98", "3af54f2049dbc175ef4c589aa376141586711dd724617ed87e0a5bc7f1e431c0", "4370bb6226f36558266a224de5ebb1582208f82bafdf9f2e2617a5cdace9d377", "508708e5f5ab169299334434b17fc926d7972b9cc601e0f588ec979a6fb67f4a", "549887b9e8e1ffe1e95a31a287c61ca265dd864b886034c22e4bf12bedb5ac91", "60355c9d953b39905ec1d23237cc8339b2e1ffe0eb29bc8028dde75bddedd8db", "71b210336d2277a498c150e99ddfb99750b8e481fb6dd0d647b7be571c2629f1", "7628f72251de0d74df47361bb228fc34abdc121212d6da40936052a5215054e6", "9143f2fe92b76f3a42dbeddccb738a397e2d07e5060046a367ed6c1a2c543dd4", "a1d8085822a839d8e4f5078584dadc2221738309dbb6e386deb60c4cb8685d90", "a3f5688c1f1d5473722fd4a6ae84be5c4f8235db2789fd1e77929cfbb026078a", "a41cf4f43bdf0ca8bd515799702f62a1ff811d898f823d1c0225422a54376607", "a6f20cc5f0a34adf5ac4582936e5407e48397db18847afa6ea3068c707cc40dd", "b30e4856fd0b7adacf553023314db78e88638cd6ee9a14f2f0b8e3dad8fff98c", "b66a4c2e0b22011ba409167c9bb663997b180a35f50fbe124bc0439403d65e74", "d28b60289c250c1a5a2661dd4a57839cfa3e273f5ef5b068624ff99a2ccc2b65", "d49278e577526a1839a13cb7066aabf02ea2d59cc7bb1c922404270cab602c1b", "de4afe7e3fe9fc07edbf818ef66a0534844a9daf92d843b3402d67946222637e", "e0ee8c2858064cf3eb1bb7a467aa07e9804255570d7b6e25ddfe927cef2d83f8", "e21e57541123a49fdfde9912b959fda0bdf5c5fb951094a44bda3fed61ee0c06", "e3c8561c7afc7f37af8859da66cff1a572bd76a012d7f8aaf2cbfa67c44db3f4", "e43f009b13a0363690da7c8cd2a0e9edf1abca69a40e55fb3c23d05b6e574ecd", "ecdcc0bf946a08ca950cab87e2e9fbabd244a37c89283a7ddb44f55bc84d7c78", "eec457e5f530a1312b1d61bf04fa45f07f5a941872eb2b0e072dc78cd886d191"], "iocs": {"domain": [{"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "host": "whatismyipaddress[.]com"}, {"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "host": "s3[.]dedicatedpanel[.]net"}], "file": [{"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "path": "%APPDATA%\\WindowsUpdate.exe"}], "ip": [{"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "ip": "104[.]16[.]154[.]36"}, {"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "ip": "208[.]123[.]117[.]2"}], "mutex": [], "registry": [{"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["234f8d4603971d0c86b5a4ccd06212b785ec6a260f9c692db3cced7d3ae6ce77"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}]}, "reports_count": 25}, "Win.Dropper.LokiBot-9985173-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "42b634f4a218d5093a94881b1548667722f87fa38d915a97fe126996ddf3c4ca", "3ea57948ea5e4758ef408714b2ae55c1d214f605f8f2b776f0518a681cf7529e", "20da9b41f6f1c34732f193eb011f1b9bd25c29289fb687bfcfd14f74d14d6689", "0b8922eb675b84835d295358355ed825b98ba56f6ad2fb5a246a39dc2422a74a", "04cebc586fb7609a622cb97edc1648efe1dd5109d8bfa8e6a5c65fd06e8a8c4a", "1c5e0c66477b508177bd9da97721bb97607f65374dedfddc711057aecc15aed5", "0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b", "289a9718bf44f945cd95db839964ab225e347ac7490a5c89c8aa0a93f6474895", "02f2e2f38004334f9c00f100f8eb03c80b85e25bf3fae085c1f2b1289d4cdce3", "05f2cbf468cbc1f49fa11344598a33343463c6a1b98e41a61e715b5a8e046d4a", "38e9b92df247ef59650d723e0b04edeec9e7bc6983176edaa8c87cec9facbed5", "09023da9a9c788b0b4f8fe97555f3f4487b37f29e64431c6dcfb269bfcdaeef3", "46760a3057ab75e01adda1a49b4a156282a4ab596db0053bb59b5f1be57650f5", "42a65e0d026b317b0ebe217180e5391e77c7d10f4938ac14a5884ff684816679", "3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c", "1f93e1ad55e298fdade05c00dd0220ca9d3b26ab8044310388357ab0b900cefa", "2b271dd0350ebce6ddd239803988c3f9a64aeee314cd032eb1d9d1ebfe26a8d2", "3fb4c8d385d957154279efc406c309134ec41bfe1e0a6c536be9c20ffd2850b6", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec", "031c093a692f78038810f3249aacaf17b29b579432cabebe0344136c5812d1d4", "367b0bcfe9894c93d7c2f9993a8ecbea7b0c16d6992752afd97e8a749a3f80af", "19291bfe2f477f9a462f7bfec2a1a29ba596b8693b0f3130eb1fd2c532312b54", "0a34c917f81a02e080f92d9c5a4fe2c134da87861ea9e8cf54a99e027aa02583", "772d9f798c5e823b84daa0928beb65722bdddf42e8bb18256a50dbaea959c321", "396d98aeca3665a187a2b31fb0b7e026181a4f4c11876fa62a5723caa2016af5", "1e1fb567710358f2f81e72642528581e08807786da92014303979f5fdd7149bc"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "42b634f4a218d5093a94881b1548667722f87fa38d915a97fe126996ddf3c4ca", "3ea57948ea5e4758ef408714b2ae55c1d214f605f8f2b776f0518a681cf7529e", "20da9b41f6f1c34732f193eb011f1b9bd25c29289fb687bfcfd14f74d14d6689", "0b8922eb675b84835d295358355ed825b98ba56f6ad2fb5a246a39dc2422a74a", "04cebc586fb7609a622cb97edc1648efe1dd5109d8bfa8e6a5c65fd06e8a8c4a", "1c5e0c66477b508177bd9da97721bb97607f65374dedfddc711057aecc15aed5", "0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b", "289a9718bf44f945cd95db839964ab225e347ac7490a5c89c8aa0a93f6474895", "02f2e2f38004334f9c00f100f8eb03c80b85e25bf3fae085c1f2b1289d4cdce3", "05f2cbf468cbc1f49fa11344598a33343463c6a1b98e41a61e715b5a8e046d4a", "38e9b92df247ef59650d723e0b04edeec9e7bc6983176edaa8c87cec9facbed5", "09023da9a9c788b0b4f8fe97555f3f4487b37f29e64431c6dcfb269bfcdaeef3", "46760a3057ab75e01adda1a49b4a156282a4ab596db0053bb59b5f1be57650f5", "42a65e0d026b317b0ebe217180e5391e77c7d10f4938ac14a5884ff684816679", "3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c", "1f93e1ad55e298fdade05c00dd0220ca9d3b26ab8044310388357ab0b900cefa", "2b271dd0350ebce6ddd239803988c3f9a64aeee314cd032eb1d9d1ebfe26a8d2", "3fb4c8d385d957154279efc406c309134ec41bfe1e0a6c536be9c20ffd2850b6", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec", "031c093a692f78038810f3249aacaf17b29b579432cabebe0344136c5812d1d4", "367b0bcfe9894c93d7c2f9993a8ecbea7b0c16d6992752afd97e8a749a3f80af", "19291bfe2f477f9a462f7bfec2a1a29ba596b8693b0f3130eb1fd2c532312b54", "0a34c917f81a02e080f92d9c5a4fe2c134da87861ea9e8cf54a99e027aa02583", "772d9f798c5e823b84daa0928beb65722bdddf42e8bb18256a50dbaea959c321", "396d98aeca3665a187a2b31fb0b7e026181a4f4c11876fa62a5723caa2016af5", "1e1fb567710358f2f81e72642528581e08807786da92014303979f5fdd7149bc"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-tls-callback", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "42b634f4a218d5093a94881b1548667722f87fa38d915a97fe126996ddf3c4ca", "3ea57948ea5e4758ef408714b2ae55c1d214f605f8f2b776f0518a681cf7529e", "20da9b41f6f1c34732f193eb011f1b9bd25c29289fb687bfcfd14f74d14d6689", "0b8922eb675b84835d295358355ed825b98ba56f6ad2fb5a246a39dc2422a74a", "04cebc586fb7609a622cb97edc1648efe1dd5109d8bfa8e6a5c65fd06e8a8c4a", "1c5e0c66477b508177bd9da97721bb97607f65374dedfddc711057aecc15aed5", "0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b", "289a9718bf44f945cd95db839964ab225e347ac7490a5c89c8aa0a93f6474895", "02f2e2f38004334f9c00f100f8eb03c80b85e25bf3fae085c1f2b1289d4cdce3", "05f2cbf468cbc1f49fa11344598a33343463c6a1b98e41a61e715b5a8e046d4a", "38e9b92df247ef59650d723e0b04edeec9e7bc6983176edaa8c87cec9facbed5", "09023da9a9c788b0b4f8fe97555f3f4487b37f29e64431c6dcfb269bfcdaeef3", "46760a3057ab75e01adda1a49b4a156282a4ab596db0053bb59b5f1be57650f5", "42a65e0d026b317b0ebe217180e5391e77c7d10f4938ac14a5884ff684816679", "3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c", "1f93e1ad55e298fdade05c00dd0220ca9d3b26ab8044310388357ab0b900cefa", "2b271dd0350ebce6ddd239803988c3f9a64aeee314cd032eb1d9d1ebfe26a8d2", "3fb4c8d385d957154279efc406c309134ec41bfe1e0a6c536be9c20ffd2850b6", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec", "031c093a692f78038810f3249aacaf17b29b579432cabebe0344136c5812d1d4", "367b0bcfe9894c93d7c2f9993a8ecbea7b0c16d6992752afd97e8a749a3f80af", "19291bfe2f477f9a462f7bfec2a1a29ba596b8693b0f3130eb1fd2c532312b54", "0a34c917f81a02e080f92d9c5a4fe2c134da87861ea9e8cf54a99e027aa02583", "772d9f798c5e823b84daa0928beb65722bdddf42e8bb18256a50dbaea959c321", "396d98aeca3665a187a2b31fb0b7e026181a4f4c11876fa62a5723caa2016af5", "1e1fb567710358f2f81e72642528581e08807786da92014303979f5fdd7149bc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "42b634f4a218d5093a94881b1548667722f87fa38d915a97fe126996ddf3c4ca", "3ea57948ea5e4758ef408714b2ae55c1d214f605f8f2b776f0518a681cf7529e", "20da9b41f6f1c34732f193eb011f1b9bd25c29289fb687bfcfd14f74d14d6689", "0b8922eb675b84835d295358355ed825b98ba56f6ad2fb5a246a39dc2422a74a", "04cebc586fb7609a622cb97edc1648efe1dd5109d8bfa8e6a5c65fd06e8a8c4a", "1c5e0c66477b508177bd9da97721bb97607f65374dedfddc711057aecc15aed5", "0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b", "289a9718bf44f945cd95db839964ab225e347ac7490a5c89c8aa0a93f6474895", "02f2e2f38004334f9c00f100f8eb03c80b85e25bf3fae085c1f2b1289d4cdce3", "05f2cbf468cbc1f49fa11344598a33343463c6a1b98e41a61e715b5a8e046d4a", "38e9b92df247ef59650d723e0b04edeec9e7bc6983176edaa8c87cec9facbed5", "09023da9a9c788b0b4f8fe97555f3f4487b37f29e64431c6dcfb269bfcdaeef3", "46760a3057ab75e01adda1a49b4a156282a4ab596db0053bb59b5f1be57650f5", "42a65e0d026b317b0ebe217180e5391e77c7d10f4938ac14a5884ff684816679", "3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c", "1f93e1ad55e298fdade05c00dd0220ca9d3b26ab8044310388357ab0b900cefa", "2b271dd0350ebce6ddd239803988c3f9a64aeee314cd032eb1d9d1ebfe26a8d2", "3fb4c8d385d957154279efc406c309134ec41bfe1e0a6c536be9c20ffd2850b6", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec", "031c093a692f78038810f3249aacaf17b29b579432cabebe0344136c5812d1d4", "367b0bcfe9894c93d7c2f9993a8ecbea7b0c16d6992752afd97e8a749a3f80af", "19291bfe2f477f9a462f7bfec2a1a29ba596b8693b0f3130eb1fd2c532312b54", "0a34c917f81a02e080f92d9c5a4fe2c134da87861ea9e8cf54a99e027aa02583", "772d9f798c5e823b84daa0928beb65722bdddf42e8bb18256a50dbaea959c321", "396d98aeca3665a187a2b31fb0b7e026181a4f4c11876fa62a5723caa2016af5", "1e1fb567710358f2f81e72642528581e08807786da92014303979f5fdd7149bc"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "42b634f4a218d5093a94881b1548667722f87fa38d915a97fe126996ddf3c4ca", "3ea57948ea5e4758ef408714b2ae55c1d214f605f8f2b776f0518a681cf7529e", "20da9b41f6f1c34732f193eb011f1b9bd25c29289fb687bfcfd14f74d14d6689", "0b8922eb675b84835d295358355ed825b98ba56f6ad2fb5a246a39dc2422a74a", "04cebc586fb7609a622cb97edc1648efe1dd5109d8bfa8e6a5c65fd06e8a8c4a", "1c5e0c66477b508177bd9da97721bb97607f65374dedfddc711057aecc15aed5", "0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b", "289a9718bf44f945cd95db839964ab225e347ac7490a5c89c8aa0a93f6474895", "02f2e2f38004334f9c00f100f8eb03c80b85e25bf3fae085c1f2b1289d4cdce3", "05f2cbf468cbc1f49fa11344598a33343463c6a1b98e41a61e715b5a8e046d4a", "38e9b92df247ef59650d723e0b04edeec9e7bc6983176edaa8c87cec9facbed5", "09023da9a9c788b0b4f8fe97555f3f4487b37f29e64431c6dcfb269bfcdaeef3", "46760a3057ab75e01adda1a49b4a156282a4ab596db0053bb59b5f1be57650f5", "42a65e0d026b317b0ebe217180e5391e77c7d10f4938ac14a5884ff684816679", "3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c", "1f93e1ad55e298fdade05c00dd0220ca9d3b26ab8044310388357ab0b900cefa", "2b271dd0350ebce6ddd239803988c3f9a64aeee314cd032eb1d9d1ebfe26a8d2", "3fb4c8d385d957154279efc406c309134ec41bfe1e0a6c536be9c20ffd2850b6", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec", "031c093a692f78038810f3249aacaf17b29b579432cabebe0344136c5812d1d4", "367b0bcfe9894c93d7c2f9993a8ecbea7b0c16d6992752afd97e8a749a3f80af", "19291bfe2f477f9a462f7bfec2a1a29ba596b8693b0f3130eb1fd2c532312b54", "0a34c917f81a02e080f92d9c5a4fe2c134da87861ea9e8cf54a99e027aa02583", "772d9f798c5e823b84daa0928beb65722bdddf42e8bb18256a50dbaea959c321", "396d98aeca3665a187a2b31fb0b7e026181a4f4c11876fa62a5723caa2016af5", "1e1fb567710358f2f81e72642528581e08807786da92014303979f5fdd7149bc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "42b634f4a218d5093a94881b1548667722f87fa38d915a97fe126996ddf3c4ca", "3ea57948ea5e4758ef408714b2ae55c1d214f605f8f2b776f0518a681cf7529e", "20da9b41f6f1c34732f193eb011f1b9bd25c29289fb687bfcfd14f74d14d6689", "0b8922eb675b84835d295358355ed825b98ba56f6ad2fb5a246a39dc2422a74a", "04cebc586fb7609a622cb97edc1648efe1dd5109d8bfa8e6a5c65fd06e8a8c4a", "1c5e0c66477b508177bd9da97721bb97607f65374dedfddc711057aecc15aed5", "0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b", "289a9718bf44f945cd95db839964ab225e347ac7490a5c89c8aa0a93f6474895", "02f2e2f38004334f9c00f100f8eb03c80b85e25bf3fae085c1f2b1289d4cdce3", "05f2cbf468cbc1f49fa11344598a33343463c6a1b98e41a61e715b5a8e046d4a", "38e9b92df247ef59650d723e0b04edeec9e7bc6983176edaa8c87cec9facbed5", "09023da9a9c788b0b4f8fe97555f3f4487b37f29e64431c6dcfb269bfcdaeef3", "42a65e0d026b317b0ebe217180e5391e77c7d10f4938ac14a5884ff684816679", "3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c", "1f93e1ad55e298fdade05c00dd0220ca9d3b26ab8044310388357ab0b900cefa", "2b271dd0350ebce6ddd239803988c3f9a64aeee314cd032eb1d9d1ebfe26a8d2", "3fb4c8d385d957154279efc406c309134ec41bfe1e0a6c536be9c20ffd2850b6", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec", "031c093a692f78038810f3249aacaf17b29b579432cabebe0344136c5812d1d4", "367b0bcfe9894c93d7c2f9993a8ecbea7b0c16d6992752afd97e8a749a3f80af", "19291bfe2f477f9a462f7bfec2a1a29ba596b8693b0f3130eb1fd2c532312b54", "0a34c917f81a02e080f92d9c5a4fe2c134da87861ea9e8cf54a99e027aa02583", "772d9f798c5e823b84daa0928beb65722bdddf42e8bb18256a50dbaea959c321", "396d98aeca3665a187a2b31fb0b7e026181a4f4c11876fa62a5723caa2016af5", "1e1fb567710358f2f81e72642528581e08807786da92014303979f5fdd7149bc"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-encrypted-section", "hashes": ["3ea57948ea5e4758ef408714b2ae55c1d214f605f8f2b776f0518a681cf7529e", "0b8922eb675b84835d295358355ed825b98ba56f6ad2fb5a246a39dc2422a74a", "04cebc586fb7609a622cb97edc1648efe1dd5109d8bfa8e6a5c65fd06e8a8c4a", "1c5e0c66477b508177bd9da97721bb97607f65374dedfddc711057aecc15aed5", "0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b", "289a9718bf44f945cd95db839964ab225e347ac7490a5c89c8aa0a93f6474895", "02f2e2f38004334f9c00f100f8eb03c80b85e25bf3fae085c1f2b1289d4cdce3", "05f2cbf468cbc1f49fa11344598a33343463c6a1b98e41a61e715b5a8e046d4a", "38e9b92df247ef59650d723e0b04edeec9e7bc6983176edaa8c87cec9facbed5", "09023da9a9c788b0b4f8fe97555f3f4487b37f29e64431c6dcfb269bfcdaeef3", "3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c", "3fb4c8d385d957154279efc406c309134ec41bfe1e0a6c536be9c20ffd2850b6", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec", "031c093a692f78038810f3249aacaf17b29b579432cabebe0344136c5812d1d4", "367b0bcfe9894c93d7c2f9993a8ecbea7b0c16d6992752afd97e8a749a3f80af", "19291bfe2f477f9a462f7bfec2a1a29ba596b8693b0f3130eb1fd2c532312b54", "0a34c917f81a02e080f92d9c5a4fe2c134da87861ea9e8cf54a99e027aa02583", "1e1fb567710358f2f81e72642528581e08807786da92014303979f5fdd7149bc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec", "772d9f798c5e823b84daa0928beb65722bdddf42e8bb18256a50dbaea959c321"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["42a65e0d026b317b0ebe217180e5391e77c7d10f4938ac14a5884ff684816679", "3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "feed-domain-rat", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "deleted-submitted-file", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": ["TA0005"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "pe-uses-heavens-gate", "hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device.  It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications.  It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b", "02f2e2f38004334f9c00f100f8eb03c80b85e25bf3fae085c1f2b1289d4cdce3", "031c093a692f78038810f3249aacaf17b29b579432cabebe0344136c5812d1d4", "04cebc586fb7609a622cb97edc1648efe1dd5109d8bfa8e6a5c65fd06e8a8c4a", "05f2cbf468cbc1f49fa11344598a33343463c6a1b98e41a61e715b5a8e046d4a", "09023da9a9c788b0b4f8fe97555f3f4487b37f29e64431c6dcfb269bfcdaeef3", "0a34c917f81a02e080f92d9c5a4fe2c134da87861ea9e8cf54a99e027aa02583", "0b8922eb675b84835d295358355ed825b98ba56f6ad2fb5a246a39dc2422a74a", "19291bfe2f477f9a462f7bfec2a1a29ba596b8693b0f3130eb1fd2c532312b54", "1c5e0c66477b508177bd9da97721bb97607f65374dedfddc711057aecc15aed5", "1e1fb567710358f2f81e72642528581e08807786da92014303979f5fdd7149bc", "1f93e1ad55e298fdade05c00dd0220ca9d3b26ab8044310388357ab0b900cefa", "20da9b41f6f1c34732f193eb011f1b9bd25c29289fb687bfcfd14f74d14d6689", "289a9718bf44f945cd95db839964ab225e347ac7490a5c89c8aa0a93f6474895", "2b271dd0350ebce6ddd239803988c3f9a64aeee314cd032eb1d9d1ebfe26a8d2", "2b2c302f12a0cf798e3621efe73064f0e938643956c07668fd8b54451b9acaec", "367b0bcfe9894c93d7c2f9993a8ecbea7b0c16d6992752afd97e8a749a3f80af", "38e9b92df247ef59650d723e0b04edeec9e7bc6983176edaa8c87cec9facbed5", "396d98aeca3665a187a2b31fb0b7e026181a4f4c11876fa62a5723caa2016af5", "3ea57948ea5e4758ef408714b2ae55c1d214f605f8f2b776f0518a681cf7529e", "3f32dd4bdc512625ffbd05bb51c49bbb5500d63bb68a89826c1f2744601bc38c", "3fb4c8d385d957154279efc406c309134ec41bfe1e0a6c536be9c20ffd2850b6", "42a65e0d026b317b0ebe217180e5391e77c7d10f4938ac14a5884ff684816679", "42b634f4a218d5093a94881b1548667722f87fa38d915a97fe126996ddf3c4ca", "46760a3057ab75e01adda1a49b4a156282a4ab596db0053bb59b5f1be57650f5", "4ac0362fb79f964eff663a09925203056b10528a2240d10f9724144c2e854308", "4dfd634128bf5d8f421ac3fea7855fe8c22afb764f7d58debd083922daaeea67", "5173f73d798ab2b1313eaf242a17199db948fa8ca5198759938b93b74c1c1d39", "5a9f7e86641f69c1fb4e6e8b5b49e853933eed19d77c1d0bf721c21d90aca78e", "5aa585dad11e41a55590594198a9b2352f550ab6908010d67587dc35f017333c", "5e7e30cf823144895e4a14c480482eef1995e3edeb059dcd17f3d42376abffc3", "631ad62f11b092e92b58abfc094c45558a6af922ca870d939e0eaf946842d187", "63e54ad6d22c5669ff7f1d1a873f61944d54be413ca25159e145a15a19d7ad29", "695c2d70c8199e96454708c5900f8c266b3a8f6c5649524a78825cb4a5f6a654", "6da4424ab7525d8da6f1009f732ef0b475262271ef83c07d859103dc34a7ed61", "6f0ecca8f8afbc833633245be93dccc6c8178d9f1f7275c46177e41683c43f96", "74fdbac3c3aa8457540ef36a6774f0ffc64ee85df0361cc412add295f75fdbc2", "7664f08b84052c17242d227d750ff013c6aed7e5f9bc710c2fc7dcd988bf2b2c", "772d9f798c5e823b84daa0928beb65722bdddf42e8bb18256a50dbaea959c321", "7ca53e95fb208e13f835f06faae57350037f7323ad2a171c8c99634063839976", "8642b04ee84b2326ae81644e6f4041fe9fc590a87150e41c611550ab471fbe98", "8f28fc7afd6c15c614344b86af3b2dd848f02c209f345ee89a512616d38b5984", "8f34ead58ebf3514c68738a993e2a3df36866b4953ece9df95068a2f4fc89fdf", "93bc3fdf0a7efba8911f03e40500d074716befebc14a7db2882882c5d103032d", "9435d259fa9a14162d7843f8e2fa5236dd6950a5c73fbfbc4c8495ea0b23ef77", "94d41ff042422f0620d1ecbc89a78ed1402c534be36edd3890b2bb21aed78dac", "963478f8711ceb6f27212a382b924d0b3156e4d3e681fecdc0e7cf42a5be6a81", "9a5e7ae4461270f694b63a1ed674e688b47182eea37ca64e1a4d010b235012ea", "9abf39be9a4b489437cc859b574a69f44c059e367cbed84b6fc21c63fc659285", "9b194c6994ddbfafdc13e0c05aae7a5adc7176d4e8b7b14fe4710b44c9bea8c5", "9dd7258f19a5fdfa34c8021dc401ebffd0af173da26dea0c31cb697a1c0c986c", "9f546ac6e7a72757bf1547f502e521cd1b84ca7844512df25224741e1b0b8921", "a35cc644fa108faf3d586622599a5bc14c24266650e3420b5632209615d57ed9", "a5602784ad648dc3f22f2b398642f489bbe924e6493b864e3a4cc5addf6d5fa0", "a56d6983b80989603c1141958a32fa3dd1d02d91c6c43a14b774e0507c5f8fa8", "a8e6da6815b08c172e5db10b94baa88f98dc2c8fe21cdcf1b9711e29e6dd204c", "ac561cfd59c861639ee640b292f91f5fa4ce0e1be908b624d58c9979aad83088", "bf0ed26e59b6caec7070d37c65d4f6bfbbf1b514669ebd042e0d8fc76f250d99", "c03108df0fb558489399d836e7a2e86d867623ee9e57efd75719d96fec008392", "c28b30dc72573d2ee416517d9eb0a0892df336f9e6b86f1c85204ee7696f6ccb", "c97121828a912bd0012d4c0919ba254ccfd86d11bf66a2ebfd49ee4a9a26188d", "cdac24d8d42df2be66ffb635b9b4c1a616007f80aa2bbeb57bd00dad91b4ea8b", "d9ecd34cebac3d9c86961c51dd3105aaf33ea64c3b27deb332856708def66905", "db93d4899912ccffab927db5fb87ef64e0c666d01f099afa45466a47d6f49dd1", "dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a", "dbd36cb21f35fb9f108ccbdb40487e00a2dafe3da7175703b12c709f2e76ebaa", "dce1a677637e0db1d6059c80bc87cff4b4bdc26f476f0a61d8d40efe19b9d432", "e10f7aca8eae7582e33a67e63beec5aae0ecf1a337a8884a30a1ca8bfc6b7ba7", "e2eb08fdc51ea67d1e0842efc48e94084d9a4d3a96e84e711694082103c0d69e", "ec3a6e0a12f0475cee436ed78e0bcfd36c3a45d8b753573719ff4a03bc575877", "f03f2b05146e9e6d8ea77b8c0eed52a69c86695c883a2b6d84a40691fc40f9f7", "f2b86db10b4c181e373e09079f3d4ffc25f91b3782715f6ba0d918bdc73d7234", "f38c6f94d97d909b18c64e81c2025be5b00fd111e3ab682f97a785b585d6c626", "f970f425317094a02f933b3a0134861044f665ab0841b6d48261309a107a41bb", "fe40f499aa3c7c674ce1b6914e49cf2129f921c43b5b8891d122e4972e423bfc"], "iocs": {"domain": [{"hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "host": "sibiusmart[.]ro"}], "file": [{"hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}], "ip": [], "mutex": [{"hashes": ["dbadd8ebf537bb963eab01f6a4a6b333dcc565113e94a072ae7eabd310490c6a"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["0042a5fcd4c4e430c71d076dc5c95eac93069d77dfe821f412285bac7fa4597b"], "name": "Global\\f5549e21-9b80-11ed-9660-00151711fe83"}], "registry": []}, "reports_count": 27}, "Win.Dropper.Nanocore-9985222-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "b388b8fefb3086f17b010cb86fd23957822e9d913b8d99d5ed786c7969fbaf78", "cbf8d74421e9309ac79fd0556ef85c3b16e2bcf03fa196a5947eb3d0815cb1e6", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "b388b8fefb3086f17b010cb86fd23957822e9d913b8d99d5ed786c7969fbaf78", "cbf8d74421e9309ac79fd0556ef85c3b16e2bcf03fa196a5947eb3d0815cb1e6", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "b388b8fefb3086f17b010cb86fd23957822e9d913b8d99d5ed786c7969fbaf78", "cbf8d74421e9309ac79fd0556ef85c3b16e2bcf03fa196a5947eb3d0815cb1e6", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "b388b8fefb3086f17b010cb86fd23957822e9d913b8d99d5ed786c7969fbaf78", "cbf8d74421e9309ac79fd0556ef85c3b16e2bcf03fa196a5947eb3d0815cb1e6", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-dot-net", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "b388b8fefb3086f17b010cb86fd23957822e9d913b8d99d5ed786c7969fbaf78", "cbf8d74421e9309ac79fd0556ef85c3b16e2bcf03fa196a5947eb3d0815cb1e6", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": []}, {"bi": "pe-header-linker-major", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "b388b8fefb3086f17b010cb86fd23957822e9d913b8d99d5ed786c7969fbaf78", "cbf8d74421e9309ac79fd0556ef85c3b16e2bcf03fa196a5947eb3d0815cb1e6", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "b388b8fefb3086f17b010cb86fd23957822e9d913b8d99d5ed786c7969fbaf78", "cbf8d74421e9309ac79fd0556ef85c3b16e2bcf03fa196a5947eb3d0815cb1e6", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "file-ini-read", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "malware-generic-infostealer", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "modified-file-in-user-dir", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-fast-flux-domain", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "sc-service-stop-windefend", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-check-zone-identifier", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "artifact-windows-task", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-telegram-domain-detected", "hashes": ["70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-created-executable-autorun", "hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "mitre_attack_tags": []}, {"bi": "schtask-forcefully-created", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-program-dir", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "mitre_attack_tags": []}, {"bi": "dns-bypassed-assigned-server", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "dotnet-malicious-assembly-name", "hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "firefox-cookie-read", "hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "hosts-file-modification", "hashes": ["7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "mitre_attack_tags": ["TA0011", "TA0005"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Nanocore is a .NET remote access trojan. Its source code has been leaked several times, making it widely available. Like other RATs, it allows full control of the system, including recording video and audio, stealing passwords, downloading files and recording keystrokes.", "hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "1273b8a3054090fdf04f696dd22f284639ccb57afe9aa0a657d6fdb8fbdd3bd1", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "2563e0db2599ab4c5d01fa046bc0706572b17a532ce52754f2977a735d8fbf01", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "b388b8fefb3086f17b010cb86fd23957822e9d913b8d99d5ed786c7969fbaf78", "ba846910ae2ae36a36f62eeaac3d693228dbe07d32484d23795414d5ac5908ff", "c8d7e38a611b60fe03397645b2ae0b3bc2aaa9604c68c81f0baf6565b813fb35", "cbf8d74421e9309ac79fd0556ef85c3b16e2bcf03fa196a5947eb3d0815cb1e6", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c"], "iocs": {"domain": [{"hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373"], "host": "api[.]ipify[.]org"}, {"hashes": ["3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886"], "host": "api[.]telegram[.]org"}, {"hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "host": "cp5ua[.]hyperhost[.]ua"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "host": "nonoise[.]duckdns[.]org"}], "file": [{"hashes": ["148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c"], "path": "%System32%\\Tasks\\Updates"}, {"hashes": ["148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886"], "path": "%TEMP%\\UpDaTe"}, {"hashes": ["3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886"], "path": "%TEMP%\\UpDaTe\\UpDaTe.exe"}, {"hashes": ["7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "path": "%System32%\\drivers\\etc\\hosts"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "path": "%APPDATA%\\NXLun"}, {"hashes": ["7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "path": "%APPDATA%\\NXLun\\NXLun.exe"}, {"hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af"], "path": "%APPDATA%\\DnDcR"}, {"hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af"], "path": "%APPDATA%\\DnDcR\\DnDcR.exe"}, {"hashes": ["fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c"], "path": "%APPDATA%\\THGNjTonqYzAQ.exe"}, {"hashes": ["fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c"], "path": "%System32%\\Tasks\\Updates\\THGNjTonqYzAQ"}, {"hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "path": "%APPDATA%\\lisuoa2h.jv3"}, {"hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "path": "%APPDATA%\\lisuoa2h.jv3\\Firefox"}, {"hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "path": "%APPDATA%\\lisuoa2h.jv3\\Firefox\\Profiles"}, {"hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "path": "%APPDATA%\\lisuoa2h.jv3\\Firefox\\Profiles\\1lcuq8ab.default"}, {"hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "path": "%APPDATA%\\lisuoa2h.jv3\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "path": "%APPDATA%\\qUDxchheEVEaK.exe"}, {"hashes": ["7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "path": "%System32%\\Tasks\\Updates\\qUDxchheEVEaK"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%APPDATA%\\rgBbvrmtvD.exe"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "path": "%System32%\\Tasks\\Updates\\rgBbvrmtvD"}, {"hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af"], "path": "%APPDATA%\\oKAAgZiRZIVT.exe"}, {"hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af"], "path": "%System32%\\Tasks\\Updates\\oKAAgZiRZIVT"}, {"hashes": ["148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73"], "path": "%APPDATA%\\KPHJZqVNSYNJ.exe"}, {"hashes": ["148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73"], "path": "%System32%\\Tasks\\Updates\\KPHJZqVNSYNJ"}], "ip": [{"hashes": ["3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886"], "ip": "149[.]154[.]167[.]220"}, {"hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373"], "ip": "173[.]231[.]16[.]76"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "ip": "84[.]200[.]69[.]80"}, {"hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "ip": "91[.]235[.]128[.]141"}, {"hashes": ["90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9"], "ip": "104[.]237[.]62[.]211"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "ip": "129[.]205[.]113[.]151"}], "mutex": [{"hashes": ["5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97"], "name": "aBdraOSHWQtfP"}, {"hashes": ["70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886"], "name": "ImvdLkQNiWmhZ"}, {"hashes": ["7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "name": "FOdhZrTOEIj"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "name": "Global\\{cb7cb109-a06b-4fd7-8d0e-5290e77da5a5}"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "name": "RxDIBEIVVrpgGcjw"}, {"hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af"], "name": "obbAitLYlcWHDjd"}, {"hashes": ["f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373"], "name": "ZhStsilCCDoWCSTjZzsnSDITc"}, {"hashes": ["3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a"], "name": "LCEGTrpYB"}], "registry": [{"hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66", "148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a", "53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886", "7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8", "90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e", "f7775262c09407cd3a8012620dd858aee083d645346d5419a4e16cff96eac373", "fe8dfa5a692cbfdcc238b360d8e7e2f07b673d7d7645d9d2a2eabd245213457c"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["148a552de9c74376c409b18f2731c4dba0131c520c04a0cccb0af3364469bb73", "3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a", "90ab59d30c731411c996564775e58c6769535fd39e7ff51c48b690767c10f9e9", "cf0f97b4319ac18159cf02f905f91d07d4fe70722aefef70e32abe1b1fab9e7e"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "@explorer.exe,-7001"}, {"hashes": ["3b704635a48f9ff94d44f0019e874ed71ddbc220bc3ce9f3cd7df38df120642a", "5fc15dd06f8ba66498c9865d6e82e6ff79c1f75284c5416ecb67baa8a604fa97", "70d209addc0fea8ad36babd76a4b11f247dc11c9d8c1b48fffaf4b0e38efe886"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "UpDaTe"}, {"hashes": ["371f8375dde28de80b098d9e808df9de07a5d8f0ab13d086325984d73a9cd5ed"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["7b9a9c4a56b756b499574a593ce6c5632f8a513abc4fd9a61844f211ffc672c8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "NXLun"}, {"hashes": ["53d55a9c88eb76405269ee02a4c4818214be23b6793b348d817ebc764506e5af"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "DnDcR"}, {"hashes": ["0829ed65c94d0ad265f99961d35fe56915c7b506671ae27a4ff6cae75e49cc66"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "@C:\\Windows\\system32\\DeviceCenter.dll,-2000"}]}, "reports_count": 18}, "Win.Dropper.Zegost-9984959-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": []}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": []}, {"bi": "malware-zegost-registry-key-detected", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "new-service-launched", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "modified-file-in-program-dir", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": []}, {"bi": "malware-gh0st-rat-autorun-registry-detected", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": ["TA0011"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "deleted-submitted-file", "hashes": ["3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17"], "mitre_attack_tags": ["TA0005"]}, {"bi": "excessive-tcp-connections", "hashes": ["3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "audio-video-mutex-detected", "hashes": ["87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": ["TA0007", "TA0009", "T1120", "T1025"]}, {"bi": "modified-file-in-user-dir", "hashes": ["7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-pending-delete", "hashes": ["3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-private-ip-address", "hashes": ["87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-http-non-standard-port", "hashes": ["f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": ["TA0011", "T1571"]}, {"bi": "network-http-numeric-ip", "hashes": ["f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-get", "hashes": ["f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "http-response-client-error", "hashes": ["f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zegost is a remote access trojan designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. Zegost appears to be derived from Gh0stRAT, which is a well-known remote access trojan that had its source code leaked, thus significantly lowering the barrier to entry for actors looking to modify and reuse the code in new attacks.", "hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "iocs": {"domain": [{"hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "host": "lqwljs[.]cn"}, {"hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "host": "sjlwql[.]top"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594"], "host": "dlos1245[.]e2[.]luyouxia[.]net"}, {"hashes": ["87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6"], "host": "w794754387[.]e2[.]luyouxia[.]net"}, {"hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "host": "csq1[.]e2[.]luyouxia[.]net"}], "file": [{"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594"], "path": "%ProgramFiles(x86)%\\Terms.exe"}, {"hashes": ["d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f"], "path": "%ProgramFiles(x86)%\\Microsoft Qbeuxn"}, {"hashes": ["d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f"], "path": "%ProgramFiles(x86)%\\Microsoft Qbeuxn\\Wywssvd.exe"}, {"hashes": ["3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6"], "path": "%SystemRoot%\\SysWOW64\\Mawyace.exe"}, {"hashes": ["f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "path": "%ProgramFiles(x86)%\\Ezsszfx.exe"}, {"hashes": ["87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6"], "path": "%ProgramFiles(x86)%\\Bjrvlbx.exe"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "path": "%ProgramFiles(x86)%\\RuntimeBroker.exe"}], "ip": [{"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "ip": "180[.]97[.]221[.]120"}, {"hashes": ["6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3"], "ip": "43[.]230[.]169[.]58"}, {"hashes": ["87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6"], "ip": "123[.]99[.]198[.]201"}, {"hashes": ["3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6"], "ip": "121[.]4[.]85[.]235"}, {"hashes": ["f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "ip": "182[.]61[.]134[.]76"}, {"hashes": ["f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "ip": "124[.]248[.]66[.]214"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "ip": "112[.]18[.]159[.]112"}], "mutex": [{"hashes": ["7f399111c9b70c0de1b51525fec281e6eb6a39af6802a0abe626678af0d1ced3"], "name": "Global\\58026681-1745-11ed-9660-001517439349"}, {"hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "name": "csq1.e2.luyouxia.net:24705:Rsetsr bqmysgmf"}, {"hashes": ["7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e"], "name": "127.0.0.1:8000:Rscsso omyumyeq"}, {"hashes": ["d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f"], "name": "127.0.0.1:8000:Rsgewq wsqscuqa"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594"], "name": "dlos1245.e2.luyouxia.net:21516:Rszhzn ppzrdglm"}, {"hashes": ["f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "name": "182.61.134.76:8000:Rsidcj jyuwqkyj"}, {"hashes": ["3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6"], "name": "121.4.85.235:1499:Rsgkcs icmwmkam"}, {"hashes": ["87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6"], "name": "w794754387.e2.luyouxia.net:29523:Rswsue csscaksq"}, {"hashes": ["6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17"], "name": "43.230.169.58:8000:Rsvurb jfjqyucm"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "name": "112.18.159.112:34567:Runtime Broker"}], "registry": [{"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": null}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ConnectGroup"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "6d448045dbe5f11cca8ac423edb230c38279b201fbb512d5dc5f1207a93cbb17", "7b61780a7a04cc483f25f790fbe210086748626a1de1988340cb35895f7df70e", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "MarkTime"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "Type"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "Start"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ImagePath"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "DisplayName"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "WOW64"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "ObjectName"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "Description"}, {"hashes": ["1e31145e87fcaf55e61e38d4aa7f4dc71be19d35ff3f747a684e488805b07594", "3ddcaa1008f22e9abddf2252d69ee1724a21a1d07005584ac42505539e5379a6", "87233e65e7b07831749fb294687632b8ef51b2f155d412024a561243288e08b6", "d6457c55dd9eba5fd8078e7bacf965c65232d713a1e037064f3617ad4d45844f", "f6647a78d8bf05b80830dfd013a7876b4f9619c16433478a4fd2b69fbac9d0d9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RS<random, matching '[A-Z]{4} [A-Z]{8}'>", "value_name": "FailureActions"}, {"hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSETSR BQMYSGMF", "value_name": null}, {"hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSETSR BQMYSGMF", "value_name": "ConnectGroup"}, {"hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\RSETSR BQMYSGMF", "value_name": "MarkTime"}, {"hashes": ["fc7a21b32715e94357d9e7659b18d93b5401e63187e9952b50b45a23673abc99"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": ""}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": null}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "Type"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "Start"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "ErrorControl"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "ImagePath"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "DisplayName"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "WOW64"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "ObjectName"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "Description"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "FailureActions"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "ConnectGroup"}, {"hashes": ["a607a60d0d952d7d73649ce327646fe2de7f7cdaa2ca7785faa7851b9b8d100c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\RUNTIME BROKER", "value_name": "MarkTime"}]}, "reports_count": 10}, "Win.Dropper.Zeus-9985129-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2", "2426d26e4924f9514d674304627480a7cfb43e5e5ff1d1876321c188502374dc", "4190f82a028deb2d0f399520e034a6f1ab5a78d14c4d1433be8ba4a6d2f70b41", "4272e583ff2c4b9ce0e507cf339d14d750c05288b897557d0fd672c6f23fc8bf", "298f72fc3b9de5eb91ae3d6102526b832ae3365647d569877242d51e566f4029", "17877bc57bf371e332f3f59d46102319728261a80090791293be290056020b0e", "1f4457b541ac0ad19951d39a1e260b1733210c68c7bc16932d0f3467f2e7c8b6", "427d2cfa6470def7183affabff2d26e582ee71dbb824e265261f01d86be2ac26", "403122fe822bb9bc87aff93a2c93471a9360413d519781950d6871a8daeaf94d", "4a6538cbea79e455429465ced98f32a8736abe8a5a919d9f4f1446060a3f6c54", "0483f996d51c910d04083acc2057c6889473e9dde561dc1f9b9535f738e594a1", "5170ccdc6131e2f4341274bac186dddde935f77c0f3d3d6dc429171714f856ff", "6a5c370e1a6326d988f483defdae1214d6c3dae5126e0b2129f90eee59e21e4b", "1c6cd22f8fdfc8219861db803349bce1cdeaa5cd880dae609e1a1667b5d022ad", "16d63848bec52a9eaf184bdaa704674657c1a6b31cf50696b95cac7244fdc358", "0f6486fdaf98bb93a0557a3c44bb906d41b4c0e00c007bcad189914fae85be7c", "024e7d89552b263467f912568ccd95181ac718f4a8e5012e5c6ec1aacf2f77e4", "274192458297e01466260a43ded24165efa899fe4448c73198f0de81766e2527", "6a432b1e261b3d366681b52fdec626a5673fd0fe8f3265898aabefc7be370581", "3654aaff7c3064cb607cac6d1211e7e64cafd5ceacfb0a416dbba719bdffc2cd", "507cdd0ac8cfffd9815c86431289eac78ee92f1aa19825ee82d29e6650858dd5", "2460deaefede5b79219cffdc473e5a9fc371d15b7797fa70d8449b4c4f9abe8d", "347ccb8f6bb23038c9cd690cd5a4ce3ad79824ee65a1ce7477987fd106b5fd32", "5308632516b9ae13e416fc7450750a8239a0d8a5aaa99e80af00ca5fb97d2386", "1ac1fcff08cf6b2df798710c364bec4113d44c3447806dfc566191c0c5db7bb5", "216e23b13eebcede1492f9414ef926bf49e825a42470bc265458debb103330ba"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2", "2426d26e4924f9514d674304627480a7cfb43e5e5ff1d1876321c188502374dc", "4190f82a028deb2d0f399520e034a6f1ab5a78d14c4d1433be8ba4a6d2f70b41", "4272e583ff2c4b9ce0e507cf339d14d750c05288b897557d0fd672c6f23fc8bf", "298f72fc3b9de5eb91ae3d6102526b832ae3365647d569877242d51e566f4029", "17877bc57bf371e332f3f59d46102319728261a80090791293be290056020b0e", "1f4457b541ac0ad19951d39a1e260b1733210c68c7bc16932d0f3467f2e7c8b6", "427d2cfa6470def7183affabff2d26e582ee71dbb824e265261f01d86be2ac26", "403122fe822bb9bc87aff93a2c93471a9360413d519781950d6871a8daeaf94d", "4a6538cbea79e455429465ced98f32a8736abe8a5a919d9f4f1446060a3f6c54", "0483f996d51c910d04083acc2057c6889473e9dde561dc1f9b9535f738e594a1", "5170ccdc6131e2f4341274bac186dddde935f77c0f3d3d6dc429171714f856ff", "6a5c370e1a6326d988f483defdae1214d6c3dae5126e0b2129f90eee59e21e4b", "1c6cd22f8fdfc8219861db803349bce1cdeaa5cd880dae609e1a1667b5d022ad", "16d63848bec52a9eaf184bdaa704674657c1a6b31cf50696b95cac7244fdc358", "0f6486fdaf98bb93a0557a3c44bb906d41b4c0e00c007bcad189914fae85be7c", "024e7d89552b263467f912568ccd95181ac718f4a8e5012e5c6ec1aacf2f77e4", "274192458297e01466260a43ded24165efa899fe4448c73198f0de81766e2527", "6a432b1e261b3d366681b52fdec626a5673fd0fe8f3265898aabefc7be370581", "3654aaff7c3064cb607cac6d1211e7e64cafd5ceacfb0a416dbba719bdffc2cd", "507cdd0ac8cfffd9815c86431289eac78ee92f1aa19825ee82d29e6650858dd5", "2460deaefede5b79219cffdc473e5a9fc371d15b7797fa70d8449b4c4f9abe8d", "347ccb8f6bb23038c9cd690cd5a4ce3ad79824ee65a1ce7477987fd106b5fd32", "5308632516b9ae13e416fc7450750a8239a0d8a5aaa99e80af00ca5fb97d2386", "1ac1fcff08cf6b2df798710c364bec4113d44c3447806dfc566191c0c5db7bb5", "216e23b13eebcede1492f9414ef926bf49e825a42470bc265458debb103330ba"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2", "2426d26e4924f9514d674304627480a7cfb43e5e5ff1d1876321c188502374dc", "4190f82a028deb2d0f399520e034a6f1ab5a78d14c4d1433be8ba4a6d2f70b41", "4272e583ff2c4b9ce0e507cf339d14d750c05288b897557d0fd672c6f23fc8bf", "298f72fc3b9de5eb91ae3d6102526b832ae3365647d569877242d51e566f4029", "17877bc57bf371e332f3f59d46102319728261a80090791293be290056020b0e", "1f4457b541ac0ad19951d39a1e260b1733210c68c7bc16932d0f3467f2e7c8b6", "427d2cfa6470def7183affabff2d26e582ee71dbb824e265261f01d86be2ac26", "403122fe822bb9bc87aff93a2c93471a9360413d519781950d6871a8daeaf94d", "4a6538cbea79e455429465ced98f32a8736abe8a5a919d9f4f1446060a3f6c54", "0483f996d51c910d04083acc2057c6889473e9dde561dc1f9b9535f738e594a1", "5170ccdc6131e2f4341274bac186dddde935f77c0f3d3d6dc429171714f856ff", "6a5c370e1a6326d988f483defdae1214d6c3dae5126e0b2129f90eee59e21e4b", "1c6cd22f8fdfc8219861db803349bce1cdeaa5cd880dae609e1a1667b5d022ad", "16d63848bec52a9eaf184bdaa704674657c1a6b31cf50696b95cac7244fdc358", "0f6486fdaf98bb93a0557a3c44bb906d41b4c0e00c007bcad189914fae85be7c", "024e7d89552b263467f912568ccd95181ac718f4a8e5012e5c6ec1aacf2f77e4", "274192458297e01466260a43ded24165efa899fe4448c73198f0de81766e2527", "6a432b1e261b3d366681b52fdec626a5673fd0fe8f3265898aabefc7be370581", "3654aaff7c3064cb607cac6d1211e7e64cafd5ceacfb0a416dbba719bdffc2cd", "507cdd0ac8cfffd9815c86431289eac78ee92f1aa19825ee82d29e6650858dd5", "2460deaefede5b79219cffdc473e5a9fc371d15b7797fa70d8449b4c4f9abe8d", "347ccb8f6bb23038c9cd690cd5a4ce3ad79824ee65a1ce7477987fd106b5fd32", "5308632516b9ae13e416fc7450750a8239a0d8a5aaa99e80af00ca5fb97d2386", "1ac1fcff08cf6b2df798710c364bec4113d44c3447806dfc566191c0c5db7bb5", "216e23b13eebcede1492f9414ef926bf49e825a42470bc265458debb103330ba"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "dns-query-nxdomain", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "feed-domain-rat", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-known-trojan-av", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-deleted-used-batch", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-resource-lang-russian", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "files-created-batch", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "netsh-firewall-generic", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "netsh-firewall-add", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-zeus-variant-detected", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}, {"bi": "eml-same-sender-recipient", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "enumeration-email-program-information", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "outlook-express-com-server", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0009", "TA0003", "TA0004", "T1114", "T1546"]}, {"bi": "eml-link", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "eml-mismatched-name-to-header", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zeus is a trojan that steals information such as banking credentials using methods such as key-logging and form-grabbing.", "hashes": ["024e7d89552b263467f912568ccd95181ac718f4a8e5012e5c6ec1aacf2f77e4", "0483f996d51c910d04083acc2057c6889473e9dde561dc1f9b9535f738e594a1", "0f6486fdaf98bb93a0557a3c44bb906d41b4c0e00c007bcad189914fae85be7c", "16d63848bec52a9eaf184bdaa704674657c1a6b31cf50696b95cac7244fdc358", "17877bc57bf371e332f3f59d46102319728261a80090791293be290056020b0e", "1ac1fcff08cf6b2df798710c364bec4113d44c3447806dfc566191c0c5db7bb5", "1c6cd22f8fdfc8219861db803349bce1cdeaa5cd880dae609e1a1667b5d022ad", "1f4457b541ac0ad19951d39a1e260b1733210c68c7bc16932d0f3467f2e7c8b6", "216e23b13eebcede1492f9414ef926bf49e825a42470bc265458debb103330ba", "2426d26e4924f9514d674304627480a7cfb43e5e5ff1d1876321c188502374dc", "2460deaefede5b79219cffdc473e5a9fc371d15b7797fa70d8449b4c4f9abe8d", "274192458297e01466260a43ded24165efa899fe4448c73198f0de81766e2527", "298f72fc3b9de5eb91ae3d6102526b832ae3365647d569877242d51e566f4029", "347ccb8f6bb23038c9cd690cd5a4ce3ad79824ee65a1ce7477987fd106b5fd32", "3654aaff7c3064cb607cac6d1211e7e64cafd5ceacfb0a416dbba719bdffc2cd", "403122fe822bb9bc87aff93a2c93471a9360413d519781950d6871a8daeaf94d", "4190f82a028deb2d0f399520e034a6f1ab5a78d14c4d1433be8ba4a6d2f70b41", "4272e583ff2c4b9ce0e507cf339d14d750c05288b897557d0fd672c6f23fc8bf", "427d2cfa6470def7183affabff2d26e582ee71dbb824e265261f01d86be2ac26", "4a6538cbea79e455429465ced98f32a8736abe8a5a919d9f4f1446060a3f6c54", "507cdd0ac8cfffd9815c86431289eac78ee92f1aa19825ee82d29e6650858dd5", "5170ccdc6131e2f4341274bac186dddde935f77c0f3d3d6dc429171714f856ff", "5308632516b9ae13e416fc7450750a8239a0d8a5aaa99e80af00ca5fb97d2386", "6a432b1e261b3d366681b52fdec626a5673fd0fe8f3265898aabefc7be370581", "6a5c370e1a6326d988f483defdae1214d6c3dae5126e0b2129f90eee59e21e4b", "6d9f1efea8805376530328f8555f8ea165aba3f9634493b85b3ff4fa01734204", "6e7683a7f90ab7fad01f74cdf56eb3c6431f966280cf9ac04c6b700f70a6df55", "701cb334983d60ab70efb5ce709b02a4ef39ca4163ffe71bc3f3411e9e102423", "7994ffabcf2b7cd2533cff69573b271581238ab17286c92d4330954640b57093", "7cbfe0d0a3d1573f193ed9051c6d3798c9194cc52fa5a00163b24129571e5583", "856c50c175fbf743c0b240e47842d04cf8046014955fdfb4b0470ee393bc047c", "866fff4d6d6041adcefd143060024d0da6e0a93ec45a74421c2835db0dbb9007", "8b204d95f8926b8cb57f8d031c617eddc26da8c55c319987fd87c333046ccd6b", "8d25bf64b2e3bcdfad27db6df01f2826adf484234816169ebf025827437297b1", "8d936d19bb729847a070a4b1cff0c0e8e255f0eeb96c46b5b571226a99b8236f", "8ff66314722c8e762cff943c0c919c3bbe1867ed5b9a8b395226df36b91ba411", "9d92cec48e96f9c6b42bbc91a023aa543d4913c596f56543b5c42379b9f5a5de", "9efdaf4fbde4b31228ce7dd9cb8dd6673bc53661628d3486660d4d027126bd1f", "a5805f34541dbade5230f5a9de4bac61e921a93d3084a43b66f0521c9382c9e2", "a5e36af945a82771a1c922a2351f19bcfc0b8b83ce9bbb72e88bbf10ac412388", "a7576e897b71abb4213c65d31f2669195a992ab4e0435a405f5d789a4aa9f546", "ad0c0dc0de142720d37fc3ce903074169667a3a11c70736db5199b413bce5c88", "afb3e7b7ec5eef21d8f1cf0d81aa2a23bc28863563683db0430bf6074e0e7b63", "b1c8653a32f16784fd551272e3dd319aaecb27af791c4f72d86565e038fe3d5b", "b729376a66c9f15695f65eaf961c69e35e39a10fc27b4f1652c539bc4ea59782", "ba443ba1a74c04cf2cc43b4e12ee1f8fa558f7da7f72d5c29940c72be152cbc6", "beda05cc0e313411322022ec91f03176971e3ff7c6bc927e6cf219d6e186cf42", "ccdcce8920a0e6809aa873b45d9dfca8ca8fcc4f3d02b8aeda24a0b518218438", "cd9e473acd83ae77e2e9f3cb430cc840ad7e59961e318509ca7bb2c573043087", "ce2e77603568cbe991ad693a2bd4918e6b39c3555ee22ccdcb3ff8a7ae908539", "cefe2cf5cf9805d49d9443ce9f7042e551d46975fbe614f4665bb32658660a14", "d5f1960d7c7a3276b6d510a861ad9d078e804433c2c9fb28460a5a80042795ef", "da2943a9acb3ce17ff32ef76c6e427782a1bea6722c0be424dd9770578c08a8a", "dbbbb6746af356ddfdf5445ac4b537b2235ff16b501f66f4050b43965a35a064", "dc90e1440a2ce4f06e3a1d742f0ae69fe88a001f34f7767518cae89e09be11bf", "dff6d4156750165dbff5dac4a808b5c20ad54d5371a2b59c449086799e5db8eb", "dffd4995b5299de212e16566e93ea0f3bcd033b32a167c521fb5813965962682", "e4cecb09f3935d8fd743acad46579c1eb42a18582702ff90dc61a3b41f2768ca", "e8caa5e49514f181db20c6507ed51a93ec7ae7a1fe55bfd4fa18464c8b854b58", "eac7e7d6aab610795044785ce1a5b6dd75653f4125d6bfec2e5adfa96cf1d51b", "ec1bd5fc3a4b22acc8c6ad0e606d353b3d112ccd2870a55e4e929a9f8ebfe805", "f0ceea3a5406af25e3fa2319aedb07cfba44f28ec623e7e48cd01da3eae4d4ad", "f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2", "f25a275e36b9138d53b314c2f8007adb597dd1766ee64ce8d6119bb8d8b8997a", "f48f795f823201a0d7cb514387070b06f2b708e2285ed10161b968ec0ffb368f", "f62f09d555a08e920976d4e488ca3e1174676ad29a2cb305bf01dc71186fc6d2", "fa3efab7dd4cd9e443445891dd9f888f28f25100372f85dbf840f6bdbfee27de", "fce4855dcc6459abbf702bcc83e9075f2521c6525423573a1d6f3caf148cbca7", "fe4abdb5e7fc627105194ba5083ba86c4116ac82df84ca8224e24c2f11a7d6b3"], "iocs": {"domain": [{"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "host": "muzze[.]biz"}], "file": [{"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "path": "%APPDATA%\\Moe\\fylavai.hig"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "path": "%TEMP%\\tmp264ba9dd.bat"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "path": "%TEMP%\\tmp4e248681.bat"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "path": "%APPDATA%\\Moe"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "path": "%APPDATA%\\Xeit"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "path": "%APPDATA%\\Xeit\\ottyga.exe"}], "ip": [], "mutex": [{"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "name": "Local\\{8D47BEAD-2721-FF09-7B46-E026C6F642DC}"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "name": "Local\\{A847581D-C191-DA09-7B46-E026C6F642DC}"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "name": "Local\\{DF676CEF-F563-AD29-7B46-E026C6F642DC}"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "name": "GLOBAL\\{<random GUID>}"}], "registry": [{"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PRIVACY", "value_name": "CleanCookies"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{AA56720F-EB83-D818-7B46-E026C6F642DC}"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ZOOZIN", "value_name": "Yqameb"}, {"hashes": ["f1b5cc531ba8fd8f4efccaf56ea7b8690fe74b03d59959b9411e26f7866c3fd2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ZOOZIN", "value_name": null}]}, "reports_count": 26}, "Win.Ransomware.Cerber-9985289-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "excessive-udp-connections", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "randomly-named-files", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "document-decoy-dropped", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-cerber", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "feed-domain-ransomware", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "decoy-wpfv", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "windows-speech-api", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0040", "T1491"]}, {"bi": "process-deletes-many-files", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "rtf-appended-data", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "rtf-high-entropy", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "enumeration-game-information", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "enumeration-sql-server-information", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "process-hollowing-detected", "hashes": ["202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns, other file extensions are used.", "hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "89330593daf6d6f0f9a1ecdb98d04b1ca9e6281937f5b89d6619a61b18f31c35", "8afc9c77f3312786c61f97df03b0ee378db73ee183ca1913a2e6003c157d1eee", "938b3a2ce355b56f7dc4d21a2ddbc066c8e80e79d82dd211587faf9b770cf6b2", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "ac6296100da2d6580743cb3c52b7482ac9294d5fe12df7e3f274cc4de4d6d71c", "b133ac7af3c8dd285f072fde7f0947b35dd28a9c93bdc698eeb3cde1bee517af", "b43d719f909ec03f2ac02f21e49cf4751687279b9854ef7768a94ba38178da4d", "b71efa331535ef1e899f6cc5d75872681ac53b51b12c91aaa233835a31716017", "bde83ebf2609cd75faaff1493d334d76570be8c5d4cd6b6f33869a5ecb2835c1", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "d02f8dc3df2a77062a0c2c7de47051285da28d3450200c23f383b18437ec115d", "d38711dfaeca96321a659bb8c34fae7ffb3fd3c526bd93624585e026de9fb539", "d821296ad5698aa552cad2daf54c525fabfb488ed094af4aca18e68ed7e1c7bd", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad", "e3b6726ee05737ced1e7ad70c8d9160536cb8879a3ad4fdafa383269af71b8de", "fe3aafe5a568ca58215f5857610b9143dbf088c9425876088d4adf0f18bffa1b"], "iocs": {"domain": [{"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "host": "api[.]blockcypher[.]com"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "host": "bitaps[.]com"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "host": "chain[.]so"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "host": "btc[.]blockr[.]io"}], "file": [{"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "path": "%TEMP%\\d19ab989"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "path": "%TEMP%\\d19ab989\\4710.tmp"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "path": "%TEMP%\\d19ab989\\a35f.tmp"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "path": "%LOCALAPPDATA%\\Microsoft\\Office\\Groove1\\System\\CSMIPC.dat"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.bmp"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "path": "<dir>\\_HELP_HELP_HELP_<random, matching '[A-F0-9]{4,8}'>_.hta"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "path": "<dir>\\_HELP_HELP_HELP_<random, matching '[A-F0-9]{4,8}'>_.png"}], "ip": [{"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "ip": "178[.]128[.]255[.]179"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "ip": "91[.]117[.]40[.]0/27"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "ip": "91[.]119[.]40[.]0/27"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "ip": "91[.]121[.]40[.]0/22"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "ip": "172[.]66[.]42[.]238"}, {"hashes": ["11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd"], "ip": "172[.]66[.]41[.]18"}, {"hashes": ["11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e"], "ip": "104[.]20[.]20[.]251"}, {"hashes": ["168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "ip": "172[.]67[.]2[.]88"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd"], "ip": "104[.]20[.]21[.]251"}], "mutex": [{"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}, {"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "name": "Global\\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!16613a8"}], "registry": [{"hashes": ["04eb026fd69ee85a204deb1ab3d894fc95d543ff94667bc1f9baf05b77e1aa0c", "11dd9314fe25aa3eb43b042abf8b81b9e50fcfd79528b81288e3f98961789db6", "168ef2a56df0859de10120b164c6696d5affbf606fa9d6e79d78f6065d3edc03", "1e0b0bfbc83d700f9583f730244b02b26b12ba1db5c50edbe3489418acc837de", "202e5716d57ea7202f2231153c600fcf7f96017f82b70a11d6f15cb637a28779", "258d29d87887f9e9303c0c23f466c6807c89f41ba19bc29d99d688971eb59c22", "2e8e2e885a25bb09aa90943880e7d81b9addfc0013d76c205cc5f615028f1839", "2f2f6a0ef0de62b9c305b24260b9208064130ea88d47a955f922a20f2be02ac0", "31dc34001eb08664526ad2389b4b0cdf28214c595eba05bf0f84bf16fa6b119b", "341d486619e7e2f91de5be87f1bca56ab58c3edebcdc35a949ea306cc4f2c91b", "377df2eb0bffe8d47667a343f80f0dff71a47227369f8a63a5336736fca1718d", "3d3382e61f289dd249b6817a694dc2c5ddfcdce7dafad7d1f3074e04bfa9442d", "4843ee4070f7d7a3c6e06e2e1ba26014c1d1b54ba1ca6eed552ddbb7ffa76d7b", "4e38a707a26fda9ba556cc17b79cb01121a51e6692809c18afe36e491b39174d", "4f6e0e822cfb6ffa0cca7c80bd33a8184912e6621aa28459e06f70929d9d36d9", "562f05f30ffb78866d0077785cfb36d11200f44dbf4abd68b4c43b016a136f8d", "57631559806e8a977e616b9c00fbe3ff2a957d5c65bbd4bbd5fcd53a63489949", "588c4714537fe5243b82572b8b98d2cc83cb99a18d188eaf883791e5125786da", "5a21751f48b27dff8488521a6113a4e102164ad68f1d6ac43f90b8ad7a0ebc8d", "693969c204a6b9714af4128612abeb08e36fbfc03bbef71accd253b0895b45b5", "793c06d0016e679f27a26643ff229dc942588838874fa4605961c74d10c34a49", "7e319635b05f872bcde07b37a87c45ac59a19cc403062b0a7a18125f6aa07d02", "7f73061dda346d0528d01f811e508b5fc47076df69503576032053166340d2af", "80654347845e9392f5039a94342f7b28c345c1ae6766939d7bda21360bf605bd", "8444fb5e16ca451dad9a315610b43a604ded969009404bf88110f9a840cbd96b", "a381580451ceb6fdc34f6efbb4597352d1b8b41abc8a78ecb90057f8d68384b4", "cf239b6dae275f53efa5723c0d9763c0bc5ec4052b93de80a170f6463116ee1e", "dab394cde1e5511f04e7ec2916cc473950358aa3cf37e0f393d1f739526eafad"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}]}, "reports_count": 28}, "Win.Ransomware.TeslaCrypt-9985040-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-fast-flux-domain", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-communications-http-get", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "http-response-client-error", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005"]}, {"bi": "enumeration-browser-information", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-dns-category-proxy", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-modified", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-file-in-program-dir", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "modified-file-in-system-dir", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "cta-match", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "modified-file-on-usb", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "startup-folder-modification", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "excessive-file-modifications", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "process-check-browser-mail-client-files", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-deletion", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005"]}, {"bi": "wmic-shadowcopy-delete", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-generic-ransomware-notes", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "firefox-prefs-modified", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0009"]}, {"bi": "recycler-file-creation", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "possible-privilege-escalation-detected", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0004", "T1068"]}, {"bi": "process-read-ie-cookies", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "process-deletes-many-files", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-teslacrypt-31", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "artifact-multiple-extensions", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "html-small-file-redirect", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "process-check-zone-identifier", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "artifact-rss-feeds", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "html-page-not-found", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "html-malicious-page-not-found", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d"], "mitre_attack_tags": []}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "TeslaCrypt is a well-known ransomware family that encrypts a user's files with strong encryption and demands Bitcoin in exchange for a file decryption service. A flaw in the encryption algorithm was discovered that allowed files to be decrypted without paying the extortion request, and eventually, the malware developers released the master key allowing all encrypted files to be recovered easily.", "hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "iocs": {"domain": [{"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "host": "biocarbon[.]com[.]ec"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "host": "imagescroll[.]com"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "host": "music[.]mbsaeger[.]com"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "host": "stacon[.]eu"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "host": "surrogacyandadoption[.]com"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "host": "worldisonefamily[.]info"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "host": "apps[.]identrust[.]com"}], "file": [{"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I08BO8F.xlsx"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I11KHR4.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I5QKHLN.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I62TWBD.ppt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$I6FZORX.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IABMX83.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IAJ2Y6R.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IALGTCS.xlsx"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IGTBBSA.accdb"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IH49RPF.ppt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IH71GGR.ppt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IJKODPH.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IJP965K.accdb"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IKY5R3M.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IMYCSIT.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ISLP722.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IXLC77A.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IXUL2U1.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IYSR1FU.ppt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$IZ2GMJW.XLSX"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R08BO8F.xlsx"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R11KHR4.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R5QKHLN.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R62TWBD.ppt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$R6FZORX.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RABMX83.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RAJ2Y6R.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RALGTCS.xlsx"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RGTBBSA.accdb"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RH49RPF.ppt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RH71GGR.ppt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RJKODPH.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RJP965K.accdb"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RKY5R3M.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RMYCSIT.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RSLP722.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RXLC77A.pdf"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RXUL2U1.doc"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RYSR1FU.ppt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$RZ2GMJW.XLSX"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\History.txt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\Lang\\af.txt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\Lang\\an.txt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ba.txt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\Lang\\be.txt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\Lang\\bg.txt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\Lang\\bn.txt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\Lang\\br.txt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ca.txt"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "path": "%ProgramFiles%\\7-Zip\\Lang\\co.txt"}], "ip": [{"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "ip": "85[.]128[.]188[.]138"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "ip": "162[.]241[.]224[.]203"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "ip": "34[.]98[.]99[.]30"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "ip": "154[.]219[.]146[.]245"}, {"hashes": ["10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "ip": "23[.]221[.]227[.]165"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be"], "ip": "23[.]221[.]227[.]169"}], "mutex": [{"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "name": "ityeofm9234-23423"}], "registry": [{"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLinkedConnections"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "key": "<HKCU>\\SOFTWARE\\XXXSYS", "value_name": null}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "key": "<HKCU>\\SOFTWARE\\XXXSYS", "value_name": "ID"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": null}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97", "10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70", "2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70", "3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266", "31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566", "4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22", "4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf", "6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4", "8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d", "91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590", "acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974", "cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38", "d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b", "d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be", "e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a", "ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": "data"}, {"hashes": ["3113c2ac299a173a07ea6de7da87a2f2f29ed95e509b9dc6e7128ea9a8796266"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "aingokyddfin"}, {"hashes": ["4559e437ee99d1f7cf2727597e030fade0c452c3ae0649e4669306372522db22"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xynflbfpqxfg"}, {"hashes": ["91df821cfa7634ff2b6e08a73533885f3ed24c19aa61d3f5d5e346b97d1f1590"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xsrdyarnlxkb"}, {"hashes": ["e5db44290dea09182ee4383925805ee3bc901966cba16d7c05704b5a01eed95a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "nrosuypgjita"}, {"hashes": ["d91e331d39b96788c6c7fb7ab3bf652d46f53be628331a7753ed1955e5f717be"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "uqjergivpotl"}, {"hashes": ["8837ded9097e82948c53a4c875d66ff10271127e93702f89a8e4a9265625564d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cokwmnrosuyg"}, {"hashes": ["4f7473bb503c036c12d8e5850f3aaeb1c8abe9cab4dd8b16314f258999eaa5cf"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xhcqdmqiixoc"}, {"hashes": ["2bce73c239a95080211fbfbc5b5268e1fecc81b3e5348ca391d00486dfe67d70"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fsglxsrdyang"}, {"hashes": ["6fd825e2bddea82cbc88fccbfdd50f425aa05047ffab0b511fb55c3f85ae88e4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bajwwakyuxyv"}, {"hashes": ["31e2b0639ccb2499f79c4d45a037a1b6db52e4d0145605076d5a3b28fe564566"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "urbajwwakyuy"}, {"hashes": ["046979df42da0affa983d6c73be7ad19afacbb6a05a28855cd302a24624ebb97"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xenfsxranlku"}, {"hashes": ["cb998389d745287bc242eb23fe128d50bb42198b6e2cf7092e9576471cf25a38"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xxynflbfqxsl"}, {"hashes": ["acbbd4b0c721c51bd9e510823659b521536ce43aad5eb324783c1c9e03e94974"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dcpegxxynflb"}, {"hashes": ["10a0df06ed33b5ed2771a316abc7cc9a621c2097fa9a4522d9c0ac31c4953b70"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xxynflbfpqxe"}, {"hashes": ["d89d2f295b2a07e6bf0bf6c2a1b47c8221700746b781a5e537099c212da6b06b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wwakyuxyvyly"}, {"hashes": ["ee0ca0f158ba207090b00152ac85b17e4ba097335bcf9242ca8246e849bcf537"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wakyuxyvalcg"}]}, "reports_count": 16}, "Win.Ransomware.Tofsee-9985077-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "e6f650114bc7e368a97786dacf73d57f3c4b8766f895fe2a570781ec9e8f6f28", "52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "d4ded32b48c5896ea5c338e2f0fb6131ec4365d2aca874901f979ef1b34cff53", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "712f57fd1ad51878132bf31a9c10845cfdd201268b5f29683f331daaa94064e0", "52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "a378313d3462b42b4bd6f81218d6ddcad3c58730042a09d6ea7d2724de6ad8f5", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "f68d76ebc0c51240fccaccd641c66f1e0059b5ccfeabff3737fc5e5bbab1ddb7", "c8ecbd53f00218c14ea066848502f5828f7f77cde4fcee3b66e9c72088ab1ca8", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7", "9f7538929d41e712d2f0af226ca663c890b07301140d8569f071a43815dd39b4", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "e6f650114bc7e368a97786dacf73d57f3c4b8766f895fe2a570781ec9e8f6f28", "52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "d4ded32b48c5896ea5c338e2f0fb6131ec4365d2aca874901f979ef1b34cff53", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "712f57fd1ad51878132bf31a9c10845cfdd201268b5f29683f331daaa94064e0", "52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "a378313d3462b42b4bd6f81218d6ddcad3c58730042a09d6ea7d2724de6ad8f5", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "f68d76ebc0c51240fccaccd641c66f1e0059b5ccfeabff3737fc5e5bbab1ddb7", "c8ecbd53f00218c14ea066848502f5828f7f77cde4fcee3b66e9c72088ab1ca8", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7", "9f7538929d41e712d2f0af226ca663c890b07301140d8569f071a43815dd39b4", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "e6f650114bc7e368a97786dacf73d57f3c4b8766f895fe2a570781ec9e8f6f28", "52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "d4ded32b48c5896ea5c338e2f0fb6131ec4365d2aca874901f979ef1b34cff53", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "712f57fd1ad51878132bf31a9c10845cfdd201268b5f29683f331daaa94064e0", "52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "a378313d3462b42b4bd6f81218d6ddcad3c58730042a09d6ea7d2724de6ad8f5", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "f68d76ebc0c51240fccaccd641c66f1e0059b5ccfeabff3737fc5e5bbab1ddb7", "c8ecbd53f00218c14ea066848502f5828f7f77cde4fcee3b66e9c72088ab1ca8", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7", "9f7538929d41e712d2f0af226ca663c890b07301140d8569f071a43815dd39b4", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "memory-execute-readwrite", "hashes": ["b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "d4ded32b48c5896ea5c338e2f0fb6131ec4365d2aca874901f979ef1b34cff53", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "712f57fd1ad51878132bf31a9c10845cfdd201268b5f29683f331daaa94064e0", "52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "a378313d3462b42b4bd6f81218d6ddcad3c58730042a09d6ea7d2724de6ad8f5", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "f68d76ebc0c51240fccaccd641c66f1e0059b5ccfeabff3737fc5e5bbab1ddb7", "c8ecbd53f00218c14ea066848502f5828f7f77cde4fcee3b66e9c72088ab1ca8", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7", "9f7538929d41e712d2f0af226ca663c890b07301140d8569f071a43815dd39b4", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "d4ded32b48c5896ea5c338e2f0fb6131ec4365d2aca874901f979ef1b34cff53", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "712f57fd1ad51878132bf31a9c10845cfdd201268b5f29683f331daaa94064e0", "52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "a378313d3462b42b4bd6f81218d6ddcad3c58730042a09d6ea7d2724de6ad8f5", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "f68d76ebc0c51240fccaccd641c66f1e0059b5ccfeabff3737fc5e5bbab1ddb7", "c8ecbd53f00218c14ea066848502f5828f7f77cde4fcee3b66e9c72088ab1ca8", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7", "9f7538929d41e712d2f0af226ca663c890b07301140d8569f071a43815dd39b4", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "d4ded32b48c5896ea5c338e2f0fb6131ec4365d2aca874901f979ef1b34cff53", "712f57fd1ad51878132bf31a9c10845cfdd201268b5f29683f331daaa94064e0", "a378313d3462b42b4bd6f81218d6ddcad3c58730042a09d6ea7d2724de6ad8f5", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "f68d76ebc0c51240fccaccd641c66f1e0059b5ccfeabff3737fc5e5bbab1ddb7", "c8ecbd53f00218c14ea066848502f5828f7f77cde4fcee3b66e9c72088ab1ca8", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7", "9f7538929d41e712d2f0af226ca663c890b07301140d8569f071a43815dd39b4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["d4ded32b48c5896ea5c338e2f0fb6131ec4365d2aca874901f979ef1b34cff53", "712f57fd1ad51878132bf31a9c10845cfdd201268b5f29683f331daaa94064e0", "a378313d3462b42b4bd6f81218d6ddcad3c58730042a09d6ea7d2724de6ad8f5", "f68d76ebc0c51240fccaccd641c66f1e0059b5ccfeabff3737fc5e5bbab1ddb7", "c8ecbd53f00218c14ea066848502f5828f7f77cde4fcee3b66e9c72088ab1ca8", "9f7538929d41e712d2f0af226ca663c890b07301140d8569f071a43815dd39b4"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["d4ded32b48c5896ea5c338e2f0fb6131ec4365d2aca874901f979ef1b34cff53", "712f57fd1ad51878132bf31a9c10845cfdd201268b5f29683f331daaa94064e0", "a378313d3462b42b4bd6f81218d6ddcad3c58730042a09d6ea7d2724de6ad8f5", "f68d76ebc0c51240fccaccd641c66f1e0059b5ccfeabff3737fc5e5bbab1ddb7", "c8ecbd53f00218c14ea066848502f5828f7f77cde4fcee3b66e9c72088ab1ca8", "9f7538929d41e712d2f0af226ca663c890b07301140d8569f071a43815dd39b4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-invalid-checksum", "hashes": ["e6f650114bc7e368a97786dacf73d57f3c4b8766f895fe2a570781ec9e8f6f28", "52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "dns-query-nxdomain", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "listening-port-opened", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-large-data-entry", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "sc-service-start", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-generic", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "sc-service-create", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "new-service-launched", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "sc-service-create-execute", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-file-uploaded", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-smtp-spambot-v2", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "mitre_attack_tags": []}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Tofsee is multi-purpose malware that features several modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "712f57fd1ad51878132bf31a9c10845cfdd201268b5f29683f331daaa94064e0", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7", "9f7538929d41e712d2f0af226ca663c890b07301140d8569f071a43815dd39b4", "a378313d3462b42b4bd6f81218d6ddcad3c58730042a09d6ea7d2724de6ad8f5", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "c8ecbd53f00218c14ea066848502f5828f7f77cde4fcee3b66e9c72088ab1ca8", "d4ded32b48c5896ea5c338e2f0fb6131ec4365d2aca874901f979ef1b34cff53", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b", "e6f650114bc7e368a97786dacf73d57f3c4b8766f895fe2a570781ec9e8f6f28", "f68d76ebc0c51240fccaccd641c66f1e0059b5ccfeabff3737fc5e5bbab1ddb7"], "iocs": {"domain": [{"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "i[.]instagram[.]com"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "microsoft[.]com"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "www[.]google[.]com"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "svartalfheim[.]top"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "www[.]instagram[.]com"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "video-weaver[.]lax03[.]hls[.]ttvnw[.]net"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "www[.]google[.]nl"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "imap[.]mail[.]ru"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "host": "imap[.]ukr[.]net"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "host": "imap[.]yandex[.]ru"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "host": "www[.]tiktok[.]com"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "host": "www[.]ebay[.]co[.]uk"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "www[.]omegle[.]com"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "host": "imap[.]aol[.]com"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "host": "www[.]pornhub[.]com"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "host": "outlook[.]office365[.]com"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "front1[.]omegle[.]com"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "host": "ebay[.]com"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "host": "imap[.]tim[.]it"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "host": "imap[.]bol[.]com[.]br"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "host": "waw1[.]omegle[.]com"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "host": "reveiwgoo[.]com"}], "file": [{"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "path": "%SystemRoot%\\SysWOW64\\ijplojav"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "path": "%SystemRoot%\\SysWOW64\\ghnjmhyt"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "path": "%SystemRoot%\\SysWOW64\\qrxtwrid"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "path": "%TEMP%\\dsgdwcyb.exe"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "path": "%TEMP%\\gnnrscmx.exe"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "path": "%TEMP%\\ysizcadm.exe"}], "ip": [{"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "31[.]13[.]65[.]52"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "176[.]113[.]115[.]136"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "80[.]66[.]75[.]4"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "176[.]113[.]115[.]154/31"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "176[.]113[.]115[.]158"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "176[.]113[.]115[.]239"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "176[.]113[.]115[.]135"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "94[.]100[.]180[.]90"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "31[.]13[.]65[.]174"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "ip": "77[.]88[.]21[.]125"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "ip": "212[.]42[.]75[.]240"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "52[.]223[.]241[.]7"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "ip": "40[.]93[.]207[.]0"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "142[.]250[.]176[.]196"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "142[.]251[.]35[.]163"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "20[.]53[.]203[.]50"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "141[.]8[.]193[.]185"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "ip": "23[.]3[.]13[.]35"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "ip": "66[.]254[.]114[.]41"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "ip": "40[.]97[.]188[.]2"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "ip": "200[.]147[.]36[.]76"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "ip": "104[.]47[.]18[.]97"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "104[.]23[.]141[.]25"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "104[.]23[.]139[.]25"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "104[.]23[.]143[.]25"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "ip": "20[.]81[.]111[.]85"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "ip": "52[.]101[.]40[.]29"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "ip": "209[.]140[.]139[.]232"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "ip": "76[.]13[.]33[.]38"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "ip": "67[.]195[.]176[.]152"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "ip": "34[.]91[.]161[.]171"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "ip": "80[.]66[.]64[.]123"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "ip": "173[.]194[.]215[.]105"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "ip": "161[.]97[.]131[.]139"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "ip": "23[.]198[.]217[.]127"}], "mutex": [{"hashes": ["52d043fde53ca1f8206e8cccec0a6202608927cbe1ccc66c897ce7806e0bb8db", "573c4a98edae30752a2a3153796707b149bd8fefe265509e6a4e95e64a00edde", "6017f05c453161374cfd6f9729b6b2e12d5e22f34e64c854700aeba843e512b4", "8b945dac10d16c2f76a20b497a392f9782768d4ec233c38890c5b4e4d347b7e0", "8c766a9efc8d743b072044be56b41a98eaa0750d17bd9940fd334423bf4163d5", "a8dab16a73c683ced6a88ba70b1b3fba1d06d5c214e3b8a534b69c49ceab3bac", "b7371868a517e14b30fc12515aa5dfea39f3786ce1a14b0061815d462302eebe", "dd14921b8274f08aebcfe6d02359191fec130e13feffbde9b4cb88f9810bc10b"], "name": "Global\\<random guid>"}], "registry": [{"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865", "685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31", "942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IJPLOJAV", "value_name": "Type"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IJPLOJAV", "value_name": "Start"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IJPLOJAV", "value_name": "ErrorControl"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IJPLOJAV", "value_name": "DisplayName"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IJPLOJAV", "value_name": "WOW64"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GHNJMHYT", "value_name": null}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IJPLOJAV", "value_name": "ObjectName"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IJPLOJAV", "value_name": "Description"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GHNJMHYT", "value_name": "Type"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GHNJMHYT", "value_name": "Start"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GHNJMHYT", "value_name": "ErrorControl"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GHNJMHYT", "value_name": "DisplayName"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GHNJMHYT", "value_name": "WOW64"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GHNJMHYT", "value_name": "ObjectName"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GHNJMHYT", "value_name": "Description"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\ijplojav"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\ghnjmhyt"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QRXTWRID", "value_name": null}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QRXTWRID", "value_name": "Type"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QRXTWRID", "value_name": "Start"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QRXTWRID", "value_name": "ErrorControl"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QRXTWRID", "value_name": "DisplayName"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QRXTWRID", "value_name": "WOW64"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QRXTWRID", "value_name": "ObjectName"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QRXTWRID", "value_name": "Description"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\qrxtwrid"}, {"hashes": ["52f7941f779a31924cbdc50ea92481821281f9ed61e1751689e6d0d77a28b865"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\GHNJMHYT", "value_name": "ImagePath"}, {"hashes": ["942b61d7f36de871315070d6b89f8bee9d49f043fd115b710b202138209a51a7"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IJPLOJAV", "value_name": "ImagePath"}, {"hashes": ["685db303322dd68e66a46447b37022cdc4d0000576cad05eef5234eb09dc9f31"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\QRXTWRID", "value_name": "ImagePath"}]}, "reports_count": 18}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-01-27T19:17:24+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.HawkEye-9984948-0", "Win.Dropper.Zegost-9984959-1", "Win.Ransomware.TeslaCrypt-9985040-0", "Win.Ransomware.Tofsee-9985077-0", "Win.Dropper.Zeus-9985129-0", "Win.Dropper.LokiBot-9985173-0", "Win.Dropper.Nanocore-9985222-0", "Win.Ransomware.Cerber-9985289-0", "Win.Dropper.Bifrost-9985293-0"]}