{"Win.Dropper.Formbook-9987985-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "694b9ea09a47c2f24b47c60ddff0a0537828e8ba964c0ad0045b9862bce37d42", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "a63e0773595f36b7ada59361abb3b0df6bf684188170da64325f7224265ecc62", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "4aa831832b7ebd8961bdd8acd7146c934a7f0fb05850bf1a48abd91144b81865", "3ceb374ef6968ff23e46095580a01e00eb2fa28512a04a643b97ba99eb5824cb", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb", "076951d55cc7d2bb25fe038497044c8743acc25898b7fde670c5da27d1a52cb4", "c0e79df1a3c99ac22bb6ead55904af95d69e740a4c570d545335e6d74a41c8cb", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714", "331a2f20c2ac3630e787c3124c2d23c329bafd0cd058b6ee0b101dedcb7594a7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "694b9ea09a47c2f24b47c60ddff0a0537828e8ba964c0ad0045b9862bce37d42", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "a63e0773595f36b7ada59361abb3b0df6bf684188170da64325f7224265ecc62", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "4aa831832b7ebd8961bdd8acd7146c934a7f0fb05850bf1a48abd91144b81865", "3ceb374ef6968ff23e46095580a01e00eb2fa28512a04a643b97ba99eb5824cb", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb", "076951d55cc7d2bb25fe038497044c8743acc25898b7fde670c5da27d1a52cb4", "c0e79df1a3c99ac22bb6ead55904af95d69e740a4c570d545335e6d74a41c8cb", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714", "331a2f20c2ac3630e787c3124c2d23c329bafd0cd058b6ee0b101dedcb7594a7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "694b9ea09a47c2f24b47c60ddff0a0537828e8ba964c0ad0045b9862bce37d42", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "a63e0773595f36b7ada59361abb3b0df6bf684188170da64325f7224265ecc62", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "4aa831832b7ebd8961bdd8acd7146c934a7f0fb05850bf1a48abd91144b81865", "3ceb374ef6968ff23e46095580a01e00eb2fa28512a04a643b97ba99eb5824cb", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb", "076951d55cc7d2bb25fe038497044c8743acc25898b7fde670c5da27d1a52cb4", "c0e79df1a3c99ac22bb6ead55904af95d69e740a4c570d545335e6d74a41c8cb", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714", "331a2f20c2ac3630e787c3124c2d23c329bafd0cd058b6ee0b101dedcb7594a7"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "694b9ea09a47c2f24b47c60ddff0a0537828e8ba964c0ad0045b9862bce37d42", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "a63e0773595f36b7ada59361abb3b0df6bf684188170da64325f7224265ecc62", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "4aa831832b7ebd8961bdd8acd7146c934a7f0fb05850bf1a48abd91144b81865", "3ceb374ef6968ff23e46095580a01e00eb2fa28512a04a643b97ba99eb5824cb", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb", "076951d55cc7d2bb25fe038497044c8743acc25898b7fde670c5da27d1a52cb4", "c0e79df1a3c99ac22bb6ead55904af95d69e740a4c570d545335e6d74a41c8cb", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714", "331a2f20c2ac3630e787c3124c2d23c329bafd0cd058b6ee0b101dedcb7594a7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-dot-net", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "694b9ea09a47c2f24b47c60ddff0a0537828e8ba964c0ad0045b9862bce37d42", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "a63e0773595f36b7ada59361abb3b0df6bf684188170da64325f7224265ecc62", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "4aa831832b7ebd8961bdd8acd7146c934a7f0fb05850bf1a48abd91144b81865", "3ceb374ef6968ff23e46095580a01e00eb2fa28512a04a643b97ba99eb5824cb", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb", "076951d55cc7d2bb25fe038497044c8743acc25898b7fde670c5da27d1a52cb4", "c0e79df1a3c99ac22bb6ead55904af95d69e740a4c570d545335e6d74a41c8cb", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714", "331a2f20c2ac3630e787c3124c2d23c329bafd0cd058b6ee0b101dedcb7594a7"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "694b9ea09a47c2f24b47c60ddff0a0537828e8ba964c0ad0045b9862bce37d42", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "a63e0773595f36b7ada59361abb3b0df6bf684188170da64325f7224265ecc62", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "4aa831832b7ebd8961bdd8acd7146c934a7f0fb05850bf1a48abd91144b81865", "3ceb374ef6968ff23e46095580a01e00eb2fa28512a04a643b97ba99eb5824cb", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb", "076951d55cc7d2bb25fe038497044c8743acc25898b7fde670c5da27d1a52cb4", "c0e79df1a3c99ac22bb6ead55904af95d69e740a4c570d545335e6d74a41c8cb", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714", "331a2f20c2ac3630e787c3124c2d23c329bafd0cd058b6ee0b101dedcb7594a7"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "file-ini-read", "hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "malware-generic-infostealer", "hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "modified-file-in-user-dir", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "created-executable-sample-appdata", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-fast-flux-domain", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-check-zone-identifier", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "network-communications-http-get", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-created-executable-autorun", "hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-certificate", "hashes": ["a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "hosts-file-modification", "hashes": ["a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-dns-category-parked-domain", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "http-response-redirect", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "malware-formbook-mutex-detected", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-rat", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "mitre_attack_tags": []}, {"bi": "schtask-forcefully-created", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-program-dir", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "mitre_attack_tags": []}, {"bi": "dotnet-malicious-assembly-name", "hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "mitre_attack_tags": []}, {"bi": "geoip-ip-address-location-attempt", "hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "deleted-submitted-file", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-windows-script-launched", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "network-explorer-process", "hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sc-service-stop-windefend", "hashes": ["9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "http-response-client-error", "hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["3ceb374ef6968ff23e46095580a01e00eb2fa28512a04a643b97ba99eb5824cb"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Formbook is an information stealer that attempts to collect sensitive information from an infected machine by logging keystrokes, stealing saved web browser credentials, and monitoring information copied to the clipboard.", "hashes": ["076951d55cc7d2bb25fe038497044c8743acc25898b7fde670c5da27d1a52cb4", "1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "1e170d4925f50729c424e977db1cc81e86ca14305a7b8634d55bbe5265932f1d", "1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11", "2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "331a2f20c2ac3630e787c3124c2d23c329bafd0cd058b6ee0b101dedcb7594a7", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "3ceb374ef6968ff23e46095580a01e00eb2fa28512a04a643b97ba99eb5824cb", "43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b", "4aa831832b7ebd8961bdd8acd7146c934a7f0fb05850bf1a48abd91144b81865", "52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714", "56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "5773fe5fe72f07ad3c3547c3d37169d78e65afa28163f960e8eedf620b8d94b4", "694b9ea09a47c2f24b47c60ddff0a0537828e8ba964c0ad0045b9862bce37d42", "6afc0810fb38206252dacd24b06fe2deab975c9ba917d1e113a7abaed82d93f7", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432", "9daf1c68275ccf2f41c0772e712cb4549ec1d1e2aeda2ed8d64b1e4179f89bb5", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f", "a63e0773595f36b7ada59361abb3b0df6bf684188170da64325f7224265ecc62", "aa42eafab66c88f070520fe3dbfdb60c53f8539630f57111c0201729b29b8e31", "c0e79df1a3c99ac22bb6ead55904af95d69e740a4c570d545335e6d74a41c8cb", "c200e87cc731615296978f276b4891b70b997c0ce5d32d150806cabcf256d669", "ca7817b5db1f1175b33ff0ef4f28b10aa9bee536533d0055efcbf06410718964", "cc0fd7ad500452379bbe0440c8b02be9976a7fe6af32298d7554ef76f1842109", "cdd39fbc8f042dd91a5131240a9f201eb0158de4e810877c03efe7c82ef0ace6", "ce9b4322c989c56c05785a1adcfbf02d24e4452d9d042b187e9495d2c350f051", "da90732c210955d4f34aa7ce0c4d8e36830fa7136e7457585174f9d0ec775edd", "e65c580c2e9488a5b1d663b83bc321cfc2a0ad030381f3e16ee38665f9006e00", "f4ada716b05f8227090dd0304d30b34ae0a8ae013ba37452d1bbf4144c44407c", "f519a7adeec97db32f536e9868c000842db13a165080a6f85a6d990c8e45dfb6", "f852033e9aa3f67367b531db3ad5352c101af5e58f38a9b285035e7d7ff74afe"], "iocs": {"domain": [{"hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "host": "checkip[.]dyndns[.]org"}, {"hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "host": "freegeoip[.]app"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "host": "chinomso[.]duckdns[.]org"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]junky[.]club"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]glomesweetglome[.]com"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]meyer[.]cruises"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]klikq[.]com"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]oldi-treffen[.]com"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]caribbeanclubbonaire[.]net"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]higherthan75[.]com"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]roswellurbanvineyard[.]com"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]rebuildtransmissionservice[.]com"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "host": "www[.]buyquickdeals[.]com"}, {"hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "host": "ipbase[.]com"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "host": "www[.]gordonmicah[.]xyz"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "host": "www[.]magazinadziavane[.]com"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "host": "www[.]avp-travaux[.]com"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "host": "www[.]vgmpradio[.]com"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "host": "www[.]365bet356[.]com"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "host": "www[.]thealphabrains[.]com"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "host": "www[.]caldirectloans[.]com"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "host": "www[.]econiq[.]us"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "host": "www[.]showersplash[.]com"}], "file": [{"hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240", "39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb", "3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99", "56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168", "851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b", "8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332", "a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "path": "%System32%\\drivers\\etc\\hosts"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "path": "%APPDATA%\\NXLun"}, {"hashes": ["a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "path": "%APPDATA%\\NXLun\\NXLun.exe"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "path": "%APPDATA%\\ohursB.exe"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "path": "%APPDATA%\\YYBuWmgsHfk.exe"}, {"hashes": ["39f92d325132b3785dfc0c8344b9b56f6f15d91fc37f1d901fa4f4bc6b5ec2cb"], "path": "%APPDATA%\\vGeroIiCN.exe"}, {"hashes": ["851b20d33b8210f3d20ab4694011a0858eeb745e248a768c1e4c214efb59464b"], "path": "%APPDATA%\\sIYfcmrdwEC.exe"}, {"hashes": ["8fa69958e1c3bb6964ce4f56bc4ca621c19a4902ed59872291f5727c2f0e0432"], "path": "%APPDATA%\\rlOtoP.exe"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "path": "%APPDATA%\\VwBkiqeJ.exe"}, {"hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240"], "path": "%APPDATA%\\uMakgx"}, {"hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240"], "path": "%APPDATA%\\uMakgx\\uMakgx.exe"}, {"hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240"], "path": "%APPDATA%\\KxVxzrkAELyD.exe"}], "ip": [{"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "ip": "81[.]169[.]145[.]164"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "ip": "34[.]102[.]136[.]180"}, {"hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "ip": "75[.]2[.]60[.]5"}, {"hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "ip": "193[.]122[.]130[.]0"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "ip": "63[.]250[.]43[.]3"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "ip": "146[.]59[.]209[.]152"}, {"hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "ip": "172[.]67[.]160[.]84"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "ip": "194[.]5[.]98[.]226"}], "mutex": [{"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244", "3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "name": "8-3503835SZBFHHZ"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "name": "Global\\{bee718f3-e47a-44f8-955e-2fe2c6c0351c}"}, {"hashes": ["3c0682e45d8c2b7127d90becc7354fea3928a6d3e981de82de8dd30c68766c99"], "name": "1L21SQ530Y19A2G2"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "name": "S-1-5-21-2580483-1244764195207"}, {"hashes": ["3b88eba319371131abc7c71ec3420a71045c3ddd7394ab2ee5a037449f5ca244"], "name": "5Q85TO54T7IUJHCG"}, {"hashes": ["c0e79df1a3c99ac22bb6ead55904af95d69e740a4c570d545335e6d74a41c8cb"], "name": "DvgAsrEtPlXvjdEbGtypQiJ"}, {"hashes": ["43016c15520ced69adc74938c0dca2d675bc29450e55e70c617e423f30a0286b"], "name": "NGoDEoGyuCGBFiJVlcvNkyB"}, {"hashes": ["1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11"], "name": "Global\\15842d41-ae1a-11ed-9660-001517b20fcd"}, {"hashes": ["1b884968467e50db56279a3d7058f96734186cdab01f51f29616babff72e5332"], "name": "Global\\3d822721-ae1a-11ed-9660-0015179ca376"}, {"hashes": ["52579747e239df7738d31f9ff12669eadb6729fd8a3983b77f3a0bc772ce9714"], "name": "DUgGplDVWdlohlHdRLj"}, {"hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240"], "name": "WbyUtOvcY"}, {"hashes": ["a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "name": "ghswoCxNjC"}, {"hashes": ["076951d55cc7d2bb25fe038497044c8743acc25898b7fde670c5da27d1a52cb4"], "name": "KaILnwpfHSISrfJtaroX"}], "registry": [{"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\TASKCACHE\\TASKS", "value_name": "Path"}, {"hashes": ["a20d6f1b2ff848088c1a588170ad1a1d726af6bb6a929c31ddf4cfc0e9e76a5f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "NXLun"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\TASKCACHE\\TASKS", "value_name": "Hash"}, {"hashes": ["56f1040045ad7e244e7825dfb1c8d6a4714811511cc4c72d73d5c13c7411a168"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\TASKCACHE\\TASKS", "value_name": "Triggers"}, {"hashes": ["2ffc755ae132cc543efb894bc94596f4beff9820abe8311c2f4dbc4efd7fc240"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "uMakgx"}]}, "reports_count": 25}, "Win.Dropper.Nanocore-9988136-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "modified-file-in-user-dir", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-executable", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-invalid-checksum", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": []}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-check-zone-identifier", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "created-executable-in-user-dir", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-dns-category-dynamic", "hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-fast-flux-domain", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0003"]}, {"bi": "benign-process-has-child", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-windows-task", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-benign-process", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "malware-cybergate-rat", "hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "regasm-network-connection", "hashes": ["ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-known-trojan-av", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "process-with-excessive-children", "hashes": ["749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-filename-mismatch", "hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "http-response-redirect", "hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": []}, {"bi": "dns-public-server-contacted", "hashes": ["ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-dns-safe-categories", "hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "mitre_attack_tags": []}, {"bi": "malware-imminent-filepath", "hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "mitre_attack_tags": []}, {"bi": "audio-video-mutex-detected", "hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "process-long-cmdline", "hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "url-not-found", "hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "unsigned-roaming-execution", "hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "registry-activesetup-key-modified", "hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-netwire-artifact", "hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "mitre_attack_tags": []}, {"bi": "excessive-process-creates", "hashes": ["e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "artifact-flagged-sandbox", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-communications-smtp", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot-v2", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "listening-port-opened", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-http-blank-user-agent", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "compiler-vbc-run", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-hawkeye-detected", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "eml-same-sender-recipient", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "malware-generic-infostealer", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "possible-dga-communication", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-explorer-process", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-check-virtualbox", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-image-file-execution-debugger", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "image-file-execution-options-set", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "image-file-execution-options-set-to-malicious-value", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "disables-windows-firewall", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-check-vmware", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "registry-disable-exception-chain-validation", "hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "mitre_attack_tags": ["TA0002", "T1569"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Nanocore is a .NET remote access trojan. Its source code has been leaked several times, making it widely available. Like other RATs, it allows full control of the system, including recording video and audio, stealing passwords, downloading files and recording keystrokes.", "hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055", "82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68", "8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "iocs": {"domain": [{"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "host": "wins10up[.]16-b[.]it"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "host": "sslwin[.]moneyhome[.]biz"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "host": "k4l1m3r4[.]publicvm[.]com"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "host": "put0carad3verg4[.]strangled[.]net"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "host": "clar0dsl[.]serveminecraft[.]net"}, {"hashes": ["e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56"], "host": "peppers[.]duckdns[.]org"}, {"hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "host": "go[.]microsoft[.]com"}, {"hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "host": "www[.]bing[.]com"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "host": "whatismyipaddress[.]com"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "google[.]com"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "host": "checkip[.]dyndns[.]org"}, {"hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "host": "learn[.]microsoft[.]com"}, {"hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "host": "thoka[.]linkpc[.]net"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "7163zbh16356ztug13765gv541[.]su"}, {"hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "host": "kazaz[.]no-ip[.]info"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "1378137613gbadz13567ds13[.]su"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "asdjihnu1z763hubad6tn13[.]su"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "hjadzgt613bhu8967rv61563fv[.]su"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "host": "mail[.]alonqood[.]com"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "1376bad654134c667213[.]online"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "137zt67g1635r5bd671563gbzasduzh512[.]online"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "13hjkz7513v64541852v65431b5411dxv24[.]su"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "13uhbt1z3tz78a56sdvghf1563451[.]ru"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "host": "713zgjj2iigbh1766av441bsd67613[.]ru"}], "file": [{"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\.lock"}, {"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "path": "%ProgramData%\\asd12z371623"}, {"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "path": "%ProgramData%\\asd12z371623\\asd12z371623.exe"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "path": "%APPDATA%\\Nvidia"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "path": "%APPDATA%\\Nvidia\\Nvidia.exe"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "path": "%System32%\\Tasks\\Nvidia"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "path": "%APPDATA%\\Microsoft\\Windows\\ZWcCUkGLY8aBx"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "path": "%APPDATA%\\Microsoft\\Windows\\ZWcCUkGLY8aBx\\ZWcCUkGLY8aBx.dat"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "path": "%APPDATA%\\Microsoft\\Windows\\ZWcCUkGLY8aBx\\ZWcCUkGLY8aBx.nfo"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "path": "%APPDATA%\\Microsoft\\Windows\\ZWcCUkGLY8aBx\\ZWcCUkGLY8aBx.svr"}, {"hashes": ["58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "path": "%TEMP%\\asdhub1326t1t63"}, {"hashes": ["58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "path": "%TEMP%\\asdhub1326t1t63\\asdhub1326t1t63.exe"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "path": "%ProgramData%\\CPU Temp Monitor Service"}, {"hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "path": "%APPDATA%\\Install"}, {"hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "path": "%APPDATA%\\Install\\Host.exe"}, {"hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "path": "%APPDATA%\\Imminent"}, {"hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "path": "%APPDATA%\\Imminent\\Logs"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "path": "%TEMP%\\Mail.txt"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "path": "%TEMP%\\Web.txt"}, {"hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "path": "%APPDATA%\\Install\\.Identifier"}, {"hashes": ["52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "path": "%TEMP%\\Nvidia"}, {"hashes": ["52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "path": "%TEMP%\\Nvidia\\Nvidia.exe"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "path": "%TEMP%\\EBFile_1.exe"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "path": "%APPDATA%\\appdata"}, {"hashes": ["fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf"], "path": "%APPDATA%\\SterownikiDzwieku"}, {"hashes": ["fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf"], "path": "%APPDATA%\\SterownikiDzwieku\\SterownikiDzwieku.exe"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "path": "%ProgramData%\\CPU Temp Monitor Service\\yzxgxokgb.txt"}, {"hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "path": "%LOCALAPPDATA%\\chrome"}, {"hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "path": "%LOCALAPPDATA%\\chrome\\chromeupdate.exe"}, {"hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "path": "%APPDATA%\\Imminent\\Logs\\17-02-2023"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "path": "%APPDATA%\\appdata\\adobereader.exe"}, {"hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "path": "%APPDATA%\\rtimer12"}, {"hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "path": "%APPDATA%\\rtimer12\\rtimer431.exe"}], "ip": [{"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "ip": "78[.]31[.]65[.]197"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "ip": "38[.]79[.]142[.]66"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "ip": "204[.]16[.]169[.]54"}, {"hashes": ["e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56"], "ip": "192[.]169[.]69[.]25"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "ip": "104[.]16[.]154[.]36"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "ip": "204[.]11[.]58[.]189"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "ip": "142[.]250[.]72[.]110"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "ip": "193[.]122[.]130[.]0"}, {"hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "ip": "23[.]192[.]63[.]45"}, {"hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "ip": "23[.]7[.]178[.]157"}], "mutex": [{"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "name": "Global\\{3edaf3de-dd09-4a68-8caf-e4d9870816f3}"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "name": "CYBERGATEUPDATE"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "name": "ZWcCUkGLY8aBx"}, {"hashes": ["e14b408bfb28c06b97d8d02899c880dbbf3c0ae966b8fa5e3a2c646dd0d30cb6", "ea358a82310adff5d0274118dd708c2f9ae94d0149358b91d9a5ca570bda8e56"], "name": "Global\\{876508ca-5f42-46b6-bb64-6a0441f8d11b}"}, {"hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "name": "-"}, {"hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "name": "1e1f50f3-e850-4622-90c7-1d7628d20f19"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "name": "Global\\1e9b1fc0-af18-11ed-9660-001517052f72"}], "registry": [{"hashes": ["053a7a87ab88862eaa93cc1ad7d2a6d063f5f4d4ced27d79293fa30e2b01f886", "06c1e92b9102991eba2779b9369f352b40342e1534ce036156b0ad96bc34d58b", "68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "a650ed425a9549bd72db33f473722e19de1973131ffe5c92aac98febdcb2ae42", "f43c85fe614c5115b376d23787a1836cdbdef9923e7132653332331314f5cea5", "ff40716166e751434afcf5e091af5570bd7db0867789bc3ac2a1fcb9d4157f4d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "asd12z371623.exe"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Nvidia.exe"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "key": "<HKCU>\\SOFTWARE\\ZWCCUKGLY8ABX", "value_name": null}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "key": "<HKCU>\\SOFTWARE\\ZWCCUKGLY8ABX", "value_name": "ServerStarted"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f", "52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3", "c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "key": "<HKCU>\\SOFTWARE\\ZWCCUKGLY8ABX", "value_name": "InstalledServer"}, {"hashes": ["58d471afddee8cfdc699d41d67024e1d63b83c038f17c0058722f708485aeffc", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc", "f3d3bf58ba929bfc591edef51a03d4e3ff1799bc9fe61c1c7791e948891866c0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "asdhub1326t1t63.exe"}, {"hashes": ["68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["68ed334c88c0025bf39d643d78a3badf9b3e1d210c942b0db0a45c81ce725ec2", "749956cbbd0d1d3aed4eb24dddc1155aec6c46239152d536cfe1cbdfe23250bc"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "@C:\\Windows\\system32\\DeviceCenter.dll,-2000"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "a659cfc22c71119"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "6888ba0030fb"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "971ae43462ae5e84a7f"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "e325b447a677a64e"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "54d42584b52325841"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "1a3c254271"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "25d466015585a2a"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "4c8756bdc22d7d231"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\RSTRUI.EXE", "value_name": null}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MYMAILCLIENT", "value_name": null}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\GOOGLE UPDATER", "value_name": null}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\BF4A0695A26DA0B1F", "value_name": null}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\55F941A93A30DC52", "value_name": null}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": null}, {"hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXT\\STATS\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}", "value_name": null}, {"hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5PQMSRGI-Q85J-60VQ-M4EG-UXW21U57UP7E}", "value_name": null}, {"hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "NetWire"}, {"hashes": ["40b8a9b13e4ecdf38e805c017af1381779626d2aef6f966bf1b32b5fb7884f30"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5PQMSRGI-Q85J-60VQ-M4EG-UXW21U57UP7E}", "value_name": "StubPath"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["fd4729c13748c27ae23dffdc85b658db358285579a5713c5216f15738d651fbf"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "SterownikiDzwieku.exe"}, {"hashes": ["c0d689354e7d9fd75932612420be7a3af50f68bfd3cb735553c0fc8e90ec9d6f"], "key": "<HKCU>\\SOFTWARE\\1916", "value_name": "Mutex"}, {"hashes": ["52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "key": "<HKCU>\\SOFTWARE\\1904", "value_name": null}, {"hashes": ["52336dc775740988572f7d158eadc307fdaa72a178dfddaa59523980ef0b97f3"], "key": "<HKCU>\\SOFTWARE\\1904", "value_name": "Mutex"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\3MC55MSMS3O1.EXE", "value_name": null}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\3MC55MSMS3O1.EXE", "value_name": "DisableExceptionChainValidation"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "44ca71f8ebd63ba2"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "7c4dcf10970d38f6"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\C28FB9BA8E7D", "value_name": "b7dda1e8438eab"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f"], "key": "<HKCU>\\SOFTWARE\\916", "value_name": null}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "CPU Temp Monitor Service"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "CPU Temp Monitor Service"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\RSTRUI.EXE", "value_name": "Debugger"}, {"hashes": ["82e1f7ad19a10760ff9917a9596f8feea2180086b9ade82064ef1a5344b9bb68"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\{3E0AE736-E36F-7A5F-0575-AB594FE2749A}\\0E121E41\\BF4A0695A26DA0B1F", "value_name": "274202c1ffff8"}, {"hashes": ["53806c9d142b44c2d80270df36a34f82aaf5f42a38971ad8ef0a97d55ad43ea0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "updater"}, {"hashes": ["3efbe7ca98c370afb81540c589f0f2a9bae8de2f7cf5e0e96956da42aff04c1f"], "key": "<HKCU>\\SOFTWARE\\916", "value_name": "Mutex"}, {"hashes": ["8fec72cbdcb941034a7c0c64052220cde12dc466cf2106304ec77ebd2c7bd2c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "adobereader.exe"}, {"hashes": ["79ef439dc27f1c73fc3ca890a34897951bc88ae654db07a1f7ccb27134f0a055"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rtimer431.exe"}]}, "reports_count": 20}, "Win.Dropper.Raccoon-9988310-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-tls-callback", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-encrypted-section", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0"], "mitre_attack_tags": []}, {"bi": "malware-raccoon-mutex", "hashes": ["747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "pe-section-blank-name", "hashes": ["68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "process-modified-zone-identifier", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "created-executable-sample-appdata", "hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "mitre_attack_tags": ["TA0005", "T1564"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Raccoon is an information-stealer written in C++. It collects system information and a list of installed applications, then steals cookies and autofill form details from various browsers (Chrome, Internet Explorer, Firefox, etc.). The malware can also steal credentials from email clients like Outlook, Thunderbird and Foxmail, then scan the infected device for information about valid cryptocurrency wallets. ", "hashes": ["01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1", "1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "50de5d9e517b3873dce423f23e594132c345421351b422ab0afa102485a42157", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e", "e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e", "e622bfc9c6c1457a6652dd284206d1ae23a06971b2cac1ffabf6ed907b0917be"], "iocs": {"domain": [{"hashes": ["1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e"], "host": "telete[.]in"}, {"hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "host": "restreamnewsp1ot5s8[.]net"}], "file": [{"hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\smss.exe"}, {"hashes": ["01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1"], "path": "%ProgramData%\\b26ec769d32209b95045aec12985cb3b"}, {"hashes": ["01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1"], "path": "%ProgramData%\\d2adf13ee3"}, {"hashes": ["01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1"], "path": "%ProgramData%\\d2adf13ee3\\bdif.exe"}, {"hashes": ["01f4f01b6853139297b1604d5ebf7e09a2a5a2cf2a68f3f4daa0b321453a1be1"], "path": "%ProgramData%\\d2adf13ee3\\bdif.exe:Zone.Identifier"}], "ip": [{"hashes": ["1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e"], "ip": "178[.]20[.]158[.]28"}], "mutex": [{"hashes": ["1d7e2c9f1ff6d0e0fb6e0fd9e27c5fa9017700913fd0ef99d765199e3b8ca63c", "55d88c61e70034fe1b551101deb3428b95514fd2118dd3436c23f3164a1445b0", "747bd6273995007ca9d21d347e4717f4f3eec119a941a401a4bc5206929cfa35", "924e194f9a48d337a08e955ab59a4d950a345a67cdf82457352f46ac178cf3f2", "9b81b625916ba8cbd0b75319d113463b7ba8792731f7e7ef18119976882018c0", "cfed04391c70bf143b7a8177719dc643196be2d35aced4753523a6e0468b907e", "d9bb6a6e6aecb53d126d326d539f0156b041fe13fcd2ec805f5e47c9c5e27f4e"], "name": "dfthorbnjAdministrator"}, {"hashes": ["1fbea8de123b8a8c9af77b9b5b92bdb63b0d19609e8990527378cb81ecf431e9", "36fa1ef7e51ccbfb479295f282dcc041857bc815ffce4a804de9032d32b83f21", "4f260d78edb483d8ba7a142a6f676c5cd557704d51e6685a4b8f4b102b464cf4", "68708df5eec1937caa894bf69c8bc4cad786983059603309efdaa5d3cb32d0f1", "866c9d84b99d9f3ec9eb5a334bcf09eb97656065d215db720e93ac1c7bce4527", "9922548baf0ae8ebb1076f7f447843a908065b823478baa1b3863386d276ef61"], "name": "Global\\<random guid>"}, {"hashes": ["e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e"], "name": "Asinc32537252"}], "registry": []}, "reports_count": 17}, "Win.Dropper.Zeus-9988134-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-certificate", "hashes": ["509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-invalid-certificate-signature", "hashes": ["509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "pe-invalid-checksum", "hashes": ["509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-known-trojan-av", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-imports-toolhelp", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "listening-port-opened", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "files-deleted-used-batch", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0005"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-response-redirect", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "created-executable-sample-appdata", "hashes": ["28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "http-response-client-error", "hashes": ["712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "potential-registry-persistence", "hashes": ["28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233"], "mitre_attack_tags": ["TA0003"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "network-snort-protocol", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "process-requested-named-pipe", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": []}, {"bi": "localhost-ipaddress-detected", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": []}, {"bi": "excessive-sample-duplication", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "network-dns-category-cnc", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-benign-process", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-on-usb", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "possible-dga-communication", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-requested-file-external-drive", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "lnk-no-creation-date", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0002", "T1203"]}, {"bi": "malware-ruskill-mutex-detected", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": []}, {"bi": "artifact-lnk-calls-cmd-exit", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-multiple-extensions", "hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "netbios-query", "hashes": ["4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "mitre_attack_tags": ["TA0007", "T1016"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zeus is a trojan that steals information such as banking credentials using methods such as key-logging and form-grabbing.", "hashes": ["2265ebdb4c1f4bff5b3b9a5ee22c656dc767300a4ed24fe75736920f3a87cfa0", "28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233", "4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "509d232f20467648fe65a6e80633089c180a8578d8261f2a855468df181f21bf", "5b2afd2c68782390c8278ce3d4b66f57145f496c357add2b05bc5a54753456c7", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "8f396d7e2c9c39daf77269d2fc0c09c5e060dc6dcbd2e7c975edf0543dd831b2", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "a47fdaf0f8175a8987ee5f252116b29d92300fc27283d06c96da0e16a50500a7", "c99e88c7586e9387df13aa382de006760e6afa2c2e28450b4d4167e85c309fc2", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f0352da956db605dff874e2012a2cd7d1c8f5243113364d6573bdfd6a5b66cbd", "f7a26b708b437c1bacddbb219429f2080966fbe5c1e15215c75faa7ec659809a", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "iocs": {"domain": [{"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "api[.]wipmania[.]com"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]aoyylwyxd[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]ezjhyxxbf[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]hmiblgoja[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]jntbxduhz[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]jupoofsnc[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]kvupdstwh[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]lotys[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]oceardpku[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]spgpemwqk[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]vbemnggcj[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]yqqufklho[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]yxntnyrap[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]zhgcuntif[.]ru"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "host": "n[.]zhjdwkpaz[.]ru"}, {"hashes": ["712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9"], "host": "dogaltas[.]gen[.]tr"}, {"hashes": ["712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9"], "host": "www[.]dogaltas[.]gen[.]tr"}, {"hashes": ["4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "host": "jeonero[.]com"}, {"hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6"], "host": "ismailerdem[.]com"}, {"hashes": ["a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6"], "host": "pongwebdevelop[.]com"}, {"hashes": ["d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1"], "host": "softtechinterviews[.]com"}, {"hashes": ["f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "host": "paperboidope[.]com"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c"], "host": "panhandlepros[.]com"}, {"hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6"], "host": "www[.]ismailerdem[.]com"}], "file": [{"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "path": "%APPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "path": "%TEMP%\\tmp<random, matching '[0-9a-z]{8}'>.bat"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "path": "%APPDATA%\\<random, matching '[A-Z][a-z]{3,5}\\[a-z]{4,6}'>.exe"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "\\$RECYCLE.BIN.lnk"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "\\System_Volume_Information.lnk"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "\\jsdrpAj.exe"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "E:\\$RECYCLE.BIN.lnk"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "E:\\System_Volume_Information.lnk"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "E:\\c731200"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "E:\\jsdrpAj.exe"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "%TEMP%\\c731200"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "%TEMP%\\Adobe"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "%TEMP%\\Adobe\\Reader_sl.exe"}, {"hashes": ["28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233"], "path": "%LOCALAPPDATA%\\svchost.exe"}, {"hashes": ["28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Low\\svchost.exe"}, {"hashes": ["712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9"], "path": "%APPDATA%\\Yxgye\\sovak.lec"}, {"hashes": ["4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "path": "%APPDATA%\\Gousla\\kaun.epa"}, {"hashes": ["28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Low\\RCX51FD.tmp"}, {"hashes": ["d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1"], "path": "%APPDATA%\\Uktipi\\abox.okt"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "path": "%APPDATA%\\Identities\\Noawaj.exe"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c"], "path": "%APPDATA%\\Cayku\\inwa.ivv"}, {"hashes": ["f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "path": "%APPDATA%\\Okbaeq\\katao.yma"}, {"hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6"], "path": "%APPDATA%\\Zaby\\iwqa.due"}, {"hashes": ["a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6"], "path": "%APPDATA%\\Tufafe\\afaw.ukh"}], "ip": [{"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "ip": "194[.]58[.]112[.]165"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "ip": "204[.]95[.]99[.]243"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c"], "ip": "34[.]98[.]99[.]30"}, {"hashes": ["712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9"], "ip": "78[.]135[.]105[.]7"}, {"hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6"], "ip": "31[.]210[.]72[.]207"}], "mutex": [{"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "name": "GLOBAL\\{<random GUID>}"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "name": "Local\\{<random GUID>}"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1"], "name": "Local\\{40FFE963-4AE6-8B45-9914-7AFC0F4D2293}"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "name": "c731200"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "name": "SSLOADasdasc000900"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "name": "SVCHOST_MUTEX_OBJECT_RELEASED_c000900"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "name": "-65b46629Mutex"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "name": "FvLQ49I\u0013\u008d\u00c0zLjj6m"}, {"hashes": ["28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233"], "name": "mutex"}], "registry": [{"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PRIVACY", "value_name": "CleanCookies"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1", "f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "key": "<HKCU>\\Software\\Microsoft\\<random, matching '[A-Z][a-z]{3,11}'>", "value_name": null}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c", "712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9", "a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6", "a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6", "d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{A6EB954B-36CE-6D51-9914-7AFC0F4D2293}"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Adobe System Incorporated"}, {"hashes": ["28e97a0e80445dc2b6bdb7788f46e4725be66a8b6bd10bab9a0e6606a019d233"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Microsoft"}, {"hashes": ["712d4fdd065b2fc56f76f7e9a80170d6c3a6890a7d2c2832fdad4e702eebd3f9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GUZUDU", "value_name": "Vane"}, {"hashes": ["7bcec64384ba0f9c98c37dfe34aeb7a7e02d8274fb2a8c0dcf9f57a071ad749b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Noawaj"}, {"hashes": ["4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\AKEDUP", "value_name": "Ofik"}, {"hashes": ["4d1624381db7e6ddea26fdcef4599f304b31e1b0f9371abcc0b88ca131e10672"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{A321EDBC-895F-504C-36ED-F9F6E3D2B83B}"}, {"hashes": ["d1580f128d8482e61a2ffc369295047fc95f021f94e9254bd91d3e45e99402c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PAYXPO", "value_name": "Cuabo"}, {"hashes": ["4057a92dba45b12688236bbb8014ee4a6b0691a925d88cec95917aab3585826c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ICONF", "value_name": "Loqy"}, {"hashes": ["a30109e6257dcd2061f8b97048fb0857ffdc6ebd6aa182e7fab7fc991902ffa6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OXWU", "value_name": "Reyfcia"}, {"hashes": ["f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\AHUQ", "value_name": "Naleebd"}, {"hashes": ["a42ff67a87835c92866d6b6eb5be36eee73a38f2ec27e87e27f42f927f67c4e6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\YWZI", "value_name": "Abixz"}, {"hashes": ["f9a9251d8bb3367ddd526c4ede83e85131a746427dd0e4cbc91d911ded6dae14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{CA9B4E57-786A-6431-6D2A-F7D19DF1047C}"}]}, "reports_count": 17}, "Win.Dropper.njRAT-9988317-0": {"bis": [{"bi": "pe-uses-dot-net", "hashes": ["784fab75d3d0ec206a77bb05194da023167ea8ae597465dc0ef52b30bb143931", "15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["784fab75d3d0ec206a77bb05194da023167ea8ae597465dc0ef52b30bb143931", "15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "netsh-firewall-generic", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": ["TA0005", "T1112", "T1562"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "firewall-exception-user-dir", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-trojan-njrat-registry", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "created-executable-sample-appdata", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-dns-category-dynamic", "hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-multiple-extensions", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "feed-domain-rat", "hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "unsigned-roaming-execution", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-trojan-njrat-detected", "hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "mitre_attack_tags": []}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570"], "mitre_attack_tags": []}, {"bi": "pe-header-subsystem", "hashes": ["784fab75d3d0ec206a77bb05194da023167ea8ae597465dc0ef52b30bb143931"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "mitre_attack_tags": []}, {"bi": "fake-explorer-process", "hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "dns-dynamic-domain", "hashes": ["f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "mitre_attack_tags": ["TA0011", "T1568"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "784fab75d3d0ec206a77bb05194da023167ea8ae597465dc0ef52b30bb143931", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "iocs": {"domain": [{"hashes": ["823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675"], "host": "manatwork[.]no-ip[.]biz"}, {"hashes": ["f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "host": "system-32[.]ddns[.]net"}, {"hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "host": "lukkzhacker[.]duckdns[.]org"}, {"hashes": ["3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "host": "bloodhacking[.]duckdns[.]org"}, {"hashes": ["0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20"], "host": "s3apika[.]freedynamicdns[.]org"}, {"hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515"], "host": "hackedlogoutz[.]duckdns[.]org"}], "file": [{"hashes": ["823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675"], "path": "%TEMP%\\WindowsUpdate.exe.tmp"}, {"hashes": ["823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675"], "path": "%TEMP%\\WindowsUpdate.exe"}, {"hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "path": "%APPDATA%\\explorer.exe"}, {"hashes": ["3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "path": "%TEMP%\\System.exe"}, {"hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\93f19dda2412c86ad7520ba4198f39a0.exe"}, {"hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "path": "%APPDATA%\\explorer.exe.tmp"}, {"hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515"], "path": "%TEMP%\\dllhost.exe"}, {"hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa"], "path": "%APPDATA%\\Trojan.exe.tmp"}, {"hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa"], "path": "%APPDATA%\\Trojan.exe"}, {"hashes": ["3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "path": "%TEMP%\\System.exe.tmp"}, {"hashes": ["3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\301b5fcf8ce2fab8868e80b6c1f912fe.exe"}, {"hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\8515eb34d8f9de5af815466e9715b3e5.exe"}, {"hashes": ["f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "path": "%TEMP%\\javaupdate.exe.tmp"}, {"hashes": ["f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\3fc0f2282a8aad20e9973738d93f539b.exe"}, {"hashes": ["f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "path": "%TEMP%\\javaupdate.exe"}, {"hashes": ["5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4"], "path": "\\TEMP\\5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4.exe.tmp"}, {"hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515"], "path": "%TEMP%\\dllhost.exe.tmp"}, {"hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\bb62e28591030e826081bf1f4a74c0b8.exe"}, {"hashes": ["0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20"], "path": "\\TEMP\\0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20.exe.tmp"}], "ip": [{"hashes": ["3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "ip": "189[.]51[.]21[.]22"}, {"hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515"], "ip": "200[.]153[.]144[.]119"}], "mutex": [{"hashes": ["0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "name": "<32 random hex characters>"}], "registry": [{"hashes": ["0decb4d54983bae4fe244fd05f37c44552dd41026ce2f7476e324d0d70528a20", "15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa", "3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb", "514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9", "5eaa9f5769a034d4f29a1d0d10654a04cbc046a43c48a52c0bae0e531d98cfe4", "6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515", "823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675", "f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2814667a3ff5b067280784d8be595983"}, {"hashes": ["823bc1e7d4e594c01b006d1f096074506e3e366116d09d3be30f0dc2919f6570", "de81b5b06749d5baee35810180069081774764b81f132c03a7fc0b7e3e115675"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2814667a3ff5b067280784d8be595983"}, {"hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "8515eb34d8f9de5af815466e9715b3e5"}, {"hashes": ["15c45e30b4ab1abfbd74b6e61809f33a103b89d517a2ac71d1e70b88689425aa"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "8515eb34d8f9de5af815466e9715b3e5"}, {"hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "93f19dda2412c86ad7520ba4198f39a0"}, {"hashes": ["514cd202222e9177c5e08d530ece79354aeffc92ed317788bdff6e0f6fd51ea9"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "93f19dda2412c86ad7520ba4198f39a0"}, {"hashes": ["3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "301b5fcf8ce2fab8868e80b6c1f912fe"}, {"hashes": ["3404e23a0a617c14889c39f1dac9bd7f8089f297bc080b3b8430146d02f28cbb"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "301b5fcf8ce2fab8868e80b6c1f912fe"}, {"hashes": ["f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "3fc0f2282a8aad20e9973738d93f539b"}, {"hashes": ["f1ea762519d991b1d3f53db198a886f7f42d9b5cc4d207d61394742e11f447e8"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "3fc0f2282a8aad20e9973738d93f539b"}, {"hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bb62e28591030e826081bf1f4a74c0b8"}, {"hashes": ["6ee0be250617ad76b6e6f63dfa9458ab0b9af4dc54d7900ddf6f7c1918702515"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bb62e28591030e826081bf1f4a74c0b8"}]}, "reports_count": 10}, "Win.Ransomware.Cerber-9988129-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "excessive-udp-connections", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "document-decoy-dropped", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-cerber", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "netsh-firewall-generic", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "feed-domain-ransomware", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "decoy-wpfv", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "windows-speech-api", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0040", "T1491"]}, {"bi": "pdf-password-protected", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-deletes-many-files", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "rtf-appended-data", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "rtf-high-entropy", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "enumeration-game-information", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "enumeration-sql-server-information", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "randomly-named-files", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-protocol", "hashes": ["6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "http-response-client-error", "hashes": ["99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235"], "mitre_attack_tags": []}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns, other file extensions are used.", "hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca", "bb8256f0e13e52b7a19caa00bc08266f4d0aa47be8b15ee675577b2fc636ea1f", "c487e1e21b70214a8d0bd059e377f1c139e754e670befbf9cf0c5685c1215b91", "c4f9f8b2dc3139cb75731a4add0baebfe1e02e7b8f41f567debabf2fb90584d4", "c787897d89967918b630037b4ef62fa571d86b2ee8872e2f9226db72f71dbca7", "d14587f3efbe076a84a253af3b9fa975bf52c37d72d7227dfeef1623f54201e3", "d263bd6a5941f3507f77305a4faeb8b5010f8e9363c875f69d395de53dbf8187", "d4f4b5eab86c90be01fb3edbe5a3983f03f08120d507631bf164a82466d25a02", "e300085d890bd9bfb8cce1345d308813fed50b668897bcf678387f636704d927", "e6cc2eed3dcc4445de90d043002a8041b93f8b14850442d8c3f4eb896e433fc1", "f0eb6d12cddec87105103792290c63008740e692f4f73bc7f66431f0c2fa9f1f", "f460224a053ad88bec043dd3de386fa8480584ff64e56395e310d1e54ff8242a"], "iocs": {"domain": [{"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "host": "api[.]blockcypher[.]com"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0"], "host": "hjhqmbxyinislkkt[.]1j9r76[.]top"}, {"hashes": ["1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "host": "bitaps[.]com"}, {"hashes": ["1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "host": "chain[.]so"}, {"hashes": ["1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "host": "btc[.]blockr[.]io"}], "file": [{"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "path": "%TEMP%\\d19ab989"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "path": "%TEMP%\\d19ab989\\4710.tmp"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "path": "%TEMP%\\d19ab989\\a35f.tmp"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "path": "%LOCALAPPDATA%\\Microsoft\\Office\\Groove1\\System\\CSMIPC.dat"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.bmp"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "path": "<dir>\\_READ_THIS_FILE_<random, matching [A-F0-9]{4,8}>_.hta"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "path": "<dir>\\_READ_THIS_FILE_<random, matching [A-F0-9]{4,8}>_.txt"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "path": "<dir>\\_READ_THIS_FILE_<random, matching [A-F0-9]{4,8}>_.jpeg"}], "ip": [{"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "ip": "149[.]202[.]64[.]0/27"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "ip": "149[.]202[.]122[.]0/27"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "ip": "149[.]202[.]248[.]0/22"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0"], "ip": "172[.]67[.]2[.]88"}, {"hashes": ["1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "ip": "178[.]128[.]255[.]179"}, {"hashes": ["23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235"], "ip": "104[.]20[.]21[.]251"}, {"hashes": ["1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "ip": "104[.]20[.]20[.]251"}, {"hashes": ["491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "ip": "172[.]66[.]42[.]238"}, {"hashes": ["1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4"], "ip": "172[.]66[.]41[.]18"}], "mutex": [{"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}, {"hashes": ["01511c6ad7d6da2e5081db34c45aea2d6c2d157440d1e1f4fadb5cc3cff86f60", "021d7666d16dd5083ce4a0eb886f0ea16ac79edf334094233bf32cb93332963d", "1e26af9bdc05dcfdbf6626f1deb7cd8851ddead22c6e94e1ca39190e61bbc0fe", "23d6c1ece3a1ee85060b57e3faa3a6c2025381d91dbb478c0b853bad35314a38", "252a25e1adffe4f0458a34133a3a283258ab5b0e33e341ed66fd221b93f21215", "410a019072ab938487ea98d0a518251ba0bfed924ebeb782bb571664b06e1da9", "46215f5401da97df51bef50822598f09ff32ddeb1f7e0294f27f3c58dcfe2356", "491b70e562b9b69d164e57ea99127bdd82437eabe0efcf27c59cbe715b5e2e07", "64eb2a2a555c87b8c081e98dd9bcc6f9bba87ac41f29770eb9bb5c1b16b4485e", "69eac3c62a2d29ebbb4839f1b65fd3ee98042afbcc92afa750d46f7528bfae60", "6d4c281bbe47a629a26beb8fb2153eb45d72168e593456c84a14118f1bde0dc5", "79dd9d68695ac2b81c4c45dff1bfece72543e55436b49a57a8aad0b11cd79e7b", "7a6d1a8de7a364659d5af20eae4199fe4541a21bfdb7171e01bb03ed562f640e", "85037ccf4776021c3b7d4803b18dc9435eeb0cb032c9409b580effd33db45e08", "85265f3b356aa631e4bd47e5978dc5e30ca590f368958d673f10ed5b5fc3e3fc", "86dbb841c5ad0120b910f3aac0eefab5fb04c760b43a53489c176145a6dc4ac2", "8d56b340cac8fdf640565cfe1a767a1ec9c40fd9bc20aeb33c7d2903ee612235", "8da0cba69f36e57b1ec89d9485edc72b58e7912767c422791d83410dd8c1dfb9", "8fe5a320488cbf6569bde928113c066395901e2a3c7fc285db5edd1443c8e635", "99ca82326950462e277e73f6c276cd52ec86e277ef7fe26df52cc441cfc23d36", "a7112b7c3ad24a2e23388f05d640c30d9ef92ecfdf2c870f554623f297cfe9ff", "ab60c61cfa92cbfe6eae4dd3bf43f3148e94989ee1efdbe1e1fc2a34b5dc2cf4", "b1c64080fa8a33025ecb6e5774bf7e31d087df3cf38ca93de732a6915c14e34c", "b49f11f35af41c45c6d7a700485bb8bc638f8f74c2a6c8f35fe5dfb3a3c3fcb0", "b7836e20bc9631ace0f26deb0cc5c50515f94640b02149745661f5cba8cbffca"], "name": "fuuu"}], "registry": []}, "reports_count": 25}, "Win.Ransomware.Locky-9988336-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-requested-named-pipe", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-deletes-many-files", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": []}, {"bi": "command-deleted-shadow-copy", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005"]}, {"bi": "excessive-file-modifications", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-file-uploaded", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "http-response-client-error", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": []}, {"bi": "altered-sample-snort-flagged", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "artifact-windows-task", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-dns-category-proxy", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-ransomware-locky", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "decoy-wpfv", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "file-pending-delete", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0005"]}, {"bi": "enumeration-email-program-information", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "html-page-not-found", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b", "1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-dos-header-pages", "hashes": ["cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "created-executable-sample-appdata", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "artifact-flagged-sandbox", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "document-contains-vbforms", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "vba-document-open", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "document-single-page", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "document-contains-vba-macro", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0002", "TA0001", "T1559", "T1566"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "modified-file-in-program-dir", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "modified-file-in-system-dir", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "excessive-sample-duplication", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "pe-resource-lang-russian", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-certificate", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "pe-subtype-com", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "modified-file-on-usb", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "startup-folder-modification", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-imports-exe", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-no-dos", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-spanish", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "recycler-file-creation", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "recycler-exe-artifact", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-resource-lang-korean", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-program-dir", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "vba-document-uses-hidden-setting", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-js-uses-eval", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "vba-document-import-dll-function", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202"]}, {"bi": "embedded-document-resource", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "msi-certificate", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "pe-pdb-copy", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "pe-subtype-cpl", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "vba-document-international-property", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "document-contains-hidden-sheet", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-xsl-contains-script", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0002", "T1204"]}, {"bi": "excessive-file-read", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "dns-query-nxdomain", "hashes": ["91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "netbios-query", "hashes": ["91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "document-decoy-dropped", "hashes": ["9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": []}, {"bi": "js-uses-eval", "hashes": ["9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829"], "mitre_attack_tags": []}, {"bi": "pe-section-name-contains-whitespace", "hashes": ["7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-deleted-used-batch", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "unsigned-roaming-execution", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-check-virtualbox", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-requested-softice", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-panda-mutex-detected", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-check-deep-freeze", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-check-analysis-tools", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "sandbox-detection-mutex", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-check-vmware", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-detection-parallels", "hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-long-cmdline", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-av-strings", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "potential-registry-persistence", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0003"]}, {"bi": "registry-modification-reg", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": []}, {"bi": "randomly-named-files", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-svchost-misspell", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "malware-misspell-binary", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "registry-script-detected", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005", "TA0002", "T1112", "T1059"]}, {"bi": "process-mshta-cmdline-script", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "mitre_attack_tags": ["TA0005"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Locky is ransomware typically distributed via spam emails containing a maliciously crafted Microsoft Word document crafted to trick targets into enabling malicious macros. This family was originally released in 2016 and updated over the years with additional functionality.", "hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203", "30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829", "91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223", "ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "iocs": {"domain": [{"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "host": "www[.]bing[.]com"}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "host": "abrakadabra2017[.]com"}, {"hashes": ["91bd44f78e8049943ee0f1515d1de58e8823c6bbf65687cb0ba92f2202010efd"], "host": "oowerl[.]com"}], "file": [{"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Mozilla\\logs\\maintenanceservice-install.log"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Sun\\Java\\Java Update\\jaureglist.xml"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Microsoft\\RAC\\StateData\\RacMetaData.dat"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Adobe\\Updater6\\AdobeESDGlobalApps.xml"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Microsoft\\IlsCache\\ilrcache.xml"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Microsoft\\IlsCache\\imcrcache.xml"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Microsoft\\User Account Pictures\\admin.dat"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%HOMEPATH%\\DesktopOSIRIS.bmp"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%HOMEPATH%\\DesktopOSIRIS.htm"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z1"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z10I--E"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z10I--"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z10I"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z1"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z10I-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z10I"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z10"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z1"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z10"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z10I--"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0116-0409-1000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0116-0409-1000-0000000FF1CE}-C\\0PZW70DW--Z10I-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0116-0409-1000-0000000FF1CE}-C\\0PZW70DW--Z10I--ES"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\0PZW70DW--Z10I--"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\0PZW70DW--Z10I"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Microsoft\\OfficeSoftwareProtectionPlatform\\0PZW70DW--"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Microsoft\\User Account Pictures\\0PZW70DW--Z10I--E"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Microsoft\\Windows Defender\\Scans\\CleanStore\\0PZW70DW--Z"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%ProgramData%\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\0PZW70DW-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%HOMEPATH%\\Documents\\OneNote Notebooks\\Notes\\0PZW70DW--Z10I--ES3X-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%HOMEPATH%\\Documents\\OneNote Notebooks\\Personal\\0PZW70DW--Z10I--ES3X-"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "path": "\\$Recycle.Bin\\<User SID>\\desktop.ini.[stopper@india.com].wallet"}], "ip": [{"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "ip": "194[.]31[.]59[.]5"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "ip": "13[.]107[.]21[.]200"}], "mutex": [{"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "name": "Global\\4aEa7aGa9a4aBa6a4a4aBa1a5a8a4a1a"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "name": "Local\\4aEa7aGa9a4aBa6a4a4aBa1a5a8a4a1a"}, {"hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c", "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "name": "Global\\syncronize_122STP"}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "name": "Frz_State"}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "name": "Sandboxie_SingleInstanceMutex_Control"}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "name": "MicrosoftVirtualPC7UserServiceMakeSureWe'reTheOnlyOneMutex"}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "name": "<32 random hex characters>"}, {"hashes": ["7a72cc00144801b4d6efcdb2dfc87152fbbf63b95b75207e164c174deb31a829"], "name": "Global\\c7eef521-b0de-11ed-9660-0015179b4e34"}, {"hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "name": "{a3af5c44-b74e-41d5-a87a-4a043a1fb0ec}"}, {"hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "name": "{84310dce-64d5-490d-9ae5-016108d66b7e}"}], "registry": [{"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES\\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}", "value_name": "FaviconPath"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES\\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}", "value_name": "Deleted"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES", "value_name": "DefaultScope"}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\VSSAPIPUBLISHER", "value_name": null}, {"hashes": ["30e8996a0f3b1ac41421482cda2a382729d335b4693a32667e6994b3157842ba", "395f1d3b183d2f200dd4c17fc07730eefdbeff0e30074b45adf7ab9ac010baf4", "c01daa19a50388dffaafaff71046b71afc896082c187775e1d43937b3b5858e6", "cf2cc0ddb2bbf2abb601734eb15054f348de5645b2c192fbc8906bc4dffceb11", "f556cd21035c1a5790ee917894525c8b7f48463c03f862da09e435f7c193b223"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXT\\STATS\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}", "value_name": null}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "sessionstore.exe"}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GUTID", "value_name": null}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\KEMOA", "value_name": null}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IPCAEM", "value_name": null}, {"hashes": ["ff0327525f5459163cd7b2a4795067e4fa74858c7bd0799909226239c96cdc5b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\F12", "value_name": "Izys"}, {"hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "key": "<HKCU>\\SOFTWARE\\{A3AF5C44-B74E-41D5-A87A-4A043A1FB0EC}", "value_name": null}, {"hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "key": "<HKCU>\\SOFTWARE\\{A3AF5C44-B74E-41D5-A87A-4A043A1FB0EC}", "value_name": "temp"}, {"hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "How To Recover Encrypted Files"}, {"hashes": ["1d42deb34a41e503493a62da4c0c1e1fbc1ccd69613bb4f2776160eeaeb5e203"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Scanner"}, {"hashes": ["9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9adf00c647589ae33d841040666e28987e5a88aaf1f08e20a33bfb0c89280380.exe"}, {"hashes": ["5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5feca7d20b950f2b4a4498ae29a0b4abcdaa38e8e4da4cf1dc2786683ec2526c.exe"}]}, "reports_count": 11}, "Win.Trojan.Qakbot-9988002-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}, {"bi": "malware-qakbot-mutex-detected", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-invalid-certificate-signature", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "pe-resource-lang-arabic", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.", "hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "43ca13bcf60fe39388e47d6bd9d8f4a14c7238d479b17f395e9014510b672a4e", "489dbe2b23721a9f38105957ff1adbcd7ee827dcc473cee1f2c6754958761363", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "4d80776f7818a94b908850206053bd52f3f2fd4a724b7ec4080462c55f84fedf", "4fea2198d58a6421f955e814fc6e0380dbfeca187b8729be799646cfe7a04607", "51f0475b4b51d7d40120e25fd604a1d4818ea30c30c3438ecdb66e5e8fb9d1aa", "5235acb79c9d58943f2dc420650d14186e405006f364b12cc653439e761ca458", "532bf5bd80a67f24d4c610536b17af903c9d3c3a9230870f63ba882a18a0b974", "56f84d17f51476e924224a1d9fa1f65f5efa96fe1ecc13b9e20a214af56d80ff", "5d139b4f25ad0cbc6e9a81573520519a70079581869f63fce35434e7b095a4b4", "61c72144161cea16343723cc417aefb5b733f80a9cc0342fdfa6bad724e39ab2", "645823d69b3729688f40893a4d082efac1f57a88ded03180379ef162f2cdb8e1", "64794536a25155fa54037d6a9274909be08650bda6383548445da769a58fd1be", "666fe2dd0575f22c88b48f0d1df0381eccf48f689c2a8e0915f0f613f10145ac", "6690c8542a603a1c8f387f2d8ba20ecbdbd794d779013dc49f08f037c4ec9030", "6c0a14a6800e5bd6a160e7410790ba4f217d5e1223ac99aaf8993e346ef6d77b", "716b35ab9709ac940380a710a7b5df4bbc3094d8755740252682b0d84a05c43e", "7504aaa2073c1b8e3b0979b16e733f04a2b4c012fb800413b96573ad87e82fc5", "795e1e2d3059a8521c7ddae855125dc20ee029f2a0d78b652d2702de5a186076", "82fdddbff686227ac1b3bea04cef9d51fa0875b285e208c5a33b1c01ac292f4b", "836565c921da1d7481cdfb71b6f813e80c9f25ecd45b712e944ed79ee43694a0", "84f13c974a7ad6f28e005e15dc9f903747bc605b93ea2c111bf6ae7cd0f104ef", "86e3b724f8ca50aca5d856e07bdbd849bfb8d0df5f9875eab42aab2b1d401d41", "873b4218f22923d86413fc2a56d42f4d2aaf69fca1aa3b8e3cacb0a0ac25383b", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "8edb5910dc6797efd3d3d6533d8f1f8049e4d3ea223fab92682c1d8e032b66cf", "8f9cb668f5eaf60579458f25170ea334127a40e8a30afe7e2cccd44cb87b52e5", "924ebbc26a693d9199bf34a10c183ae36cda07345a7822727a5b9fab80c6e473", "9409f31b7e9db6a1b4ddf72523589552ad5f5c588d7ebd81ebfb08bcc4e0e09c", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "9b3db97e93f9604daaf7004493803653606d6c78adc18450c5b0e7420ec583a7", "9be17f67778134b436b53dafe62eb7d4e2efb54edb4c56a70e988d93508d8632", "9dfae59889b7b3d9f7533146e1c0bdc5f2f6b9450cd04cb9dcb8bb41617d10fa", "9f07adf421cdceb0bfc46a5b4ab97bbd1afbc4222e3b18ade542644a4032d12a", "9f8f408057784e9efd501435fcc31647ee78f2899a2057721e96e4a87cc0e759", "a4999825d90a61aae1440ff3be347106aa126375e6c463e8fddd750e7b0891a0", "ae58556795bf440818da39dad827c40ca81c8cbfe2712867193b136d8b12522a", "ae86dd5bdac6b1e8491d309705fd8ea4d0f685da7296cbcf3c6ff2c08c19618c", "aed4c2e6463dd3d06306374ea50c757a51ee5610bcb56a9a05c7ce833b234729", "b0140d8a0e312b07944346c94439dcf13d3c7ad4b0ac11f2f23a82d013207830", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "b837b7a2a76a75b35ae15879f6c34864e9115abb39375644b34cac10eae3f52a", "b87715aba20e3de79a82da00cf089258b6e8fda4d0e3b4dbb44dd1186e016f7d", "b965c47d3e9059babafc2e20b5ff9595cf36b72b7d52a7c865a5e0ea5aeee7e8", "bbded82ccbbeaf73d1e03671c28728e20bfffc86f2c42ec5f41483b138b6f1ca", "bd3b7ef46779a59cdadf0a3b46c4af0b1e44487975097f0d41ed26a7bb9a7e9c", "c2b810c52f8650a27652452f44f13a4f4d990538357c1de7b09be749d1e80ce0", "c9af7eef88059f0eb74b26b628a658d20bcf46fe4fa4aba69995c2d9dbc161e9", "ca015916deeabfcadac4c25356caec1e0612eb906f0fc7684e038e1f8b4358a0", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "d8041283c6c045da9e739ecbb7ab871e3f4f7478d5f3228fdb85cad027314dcb", "dd154ec7dc7a681ed0371f5dea2bbb2bcf0993a84f51e0231c0e3e18201b3b59", "ddcf630698745b336b96b78d148fc3e5ce863d5f858c842235bd9bc6eb93f08a", "de70d56ebf05a1bba9a31c03b013d97b257f00e9af2e322d5054b9b24bd4f863", "e6a1c6e5cfb8794d128498c6c69bf78e103809f48c3f8aee44c245063e1effbe", "e7c6c58e412a74e0bc7c02a83d28727a9f46988d347887bd413d4f8f5eeea597", "e7c995548ef9a93de04ea1dea0f8c1e9f951204ac26b210586a8d81c9ec960ee", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "e9a8a70d5a05a8e9d508c5bace4f2af5fd41153cd30c15ef23faaa8d02f4d497", "ed0de89cac94552d05ef5f07b3806c78610ede42c24d96a12c71b5d0bd4dafbc", "f1eb0b16b29533de38e97030d57af44b5a72383782f00e1613ed373fc43ef5fa", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02", "f639a44077ff20d0e2b8d2620679c6083932c9f37b43a6e594637e4f8906079d", "f815360f4789e541a4bb40945b75123e764e35e89f61e2b16ed3e685802c570d", "fe1fa214982d71312199822f285d76168af234c600d8de15527245cdeb839fc3", "fe6ca7a818d9eab0faa92b116abe978a3a28fb9711d9d915d414cbca0554bd60"], "iocs": {"domain": [], "file": [{"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "path": "%APPDATA%\\Microsoft\\Xtuou"}], "ip": [], "mutex": [{"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "name": "Global\\{06253ADC-953E-436E-8695-87FADA31FDFB}"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "name": "{06253ADC-953E-436E-8695-87FADA31FDFB}"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "name": "{357206BB-1CE6-4313-A3FA-D21258CBCDE6}"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "name": "Global\\<random guid>"}], "registry": [{"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": null}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "bd63ad6b"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "bf228d17"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "f7b512d3"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "79eea72"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "7a96a5f8"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "c22ac29d"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "5dfca0e"}, {"hashes": ["0266329991a609c3244535997bfc8a9c5a08953693f0960d72122d9dd19eaf53", "0fa59b6e8585416434a04898181b63ddcf3b785377da2d6711aeb8c441ad949c", "10c51b1fc7c0331b2827d6cd076e444badf94c7c29ed982b198447c5b7eabf12", "126e16a74f8e126e8f8a87587423927cd7212cd761b058f40031fd8adad4ea24", "13cf01f962b5b63794e3774b2c616bb0fdbe487306b22045a50a18d209e10d3b", "15e2851fc6481958b95eaab92541a7e37d126d0407308adb5b144b87b15d6bba", "1635881fe75944629367a4d9a989ee70a4d0897289218fda9d4dd4fb621b7104", "182aa91cc52306e7f71ae4135292c6157b002b5e91ba16e309261c4d63bf95fd", "1879a0fbb682735b9496f3a5e01a52d6720ce157bc49cde377c382bae4ed75ab", "1e2a5a88e370b4bbc50a62e61040a2fc117af42bf672e56925c1e24b3dc5039e", "1e2dde336b5e068ed2f0ccaa2a14f2bbd61f32951b62ef1a964e542e1f65be66", "1eceabe6da6e92bf09cb95edf20cc717baa50180146807164aed808691f0bcc9", "2236204531ad81d7ab9b2c8e704497ebfde5e2554d2687fa3f5bd3800be540ff", "22be1aff400bff0e8488683681571b2c923e2aa2ed7b146c3f2d72da27c75942", "240f24d87905781e0d893683d560dfaf8e8e1c8533617fe4791e6aa0b851b2de", "2750e43ee7fb9e3ceffd87a2af2646454f63af292f6501804f3fdcacc0da6121", "28d3830d68b8ead88c967f53d4544c5517fee4b18f27c2b7d7d4ecfdbc87c1dd", "2b1e565d706ae944fdc3517770819d310e346372bc52ec32ffbecfb4a05a2196", "305d2b4f7ebd85932c6daa7eca77fa08fa0adfb48e11cfe86e22e47e1aaf774a", "3cdf4800752be025dec2760a6c66eb059d734ebf2269d76186060fdb8176dfd9", "3d5f9a4e0070cf99b4dffbe3d06500b8929462015467f294509c178c756c8b4b", "3e376c34b73658f6ecde946265299d14f14d191191843b66f2ff581dfb2e39c4", "3ff648fe8c26ccf15b923e9de9f2b7cab25a047350a50cba019bed47b1ad1f40", "402dc9f0deb84bc6a911e6a13a953a6049e9eb79203968ca5cb123b21dd349f4", "41536fc93761f6923f86562c12768a1053b08bb08f91b31043f423bf0a2c0229", "4bc14c98bc777a7bb2cf013a460ff02b8a5a67a318be6c82e8b3f43ab72125d7", "88fae62ee9c09b67123d42a4ddc9dce679e5508668b60d2a3d869578bc652ad8", "9a0777c33e3e3273e74105959554b6bcf05755c6105921a2cf70bb80ae744a07", "b69f9b48df4766223316d7609dce39cc74450819fe65138547c6a21beb2d2d5e", "d53a72da6f43cc8b0a7adca3e397addfccfb1d6e9650184f76afc294b66f98a1", "e7e9e9ede8090e5bcf5ee8341f4540c21ace2e419b0d3a766c5e460313ca4328", "f29c24fceb5dd166b473d60785cf775c0b8e11380a4d237096cd99401c801d02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "88fc7d25"}]}, "reports_count": 32}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-02-24T13:42:56+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Ransomware.Locky-9988336-0", "Win.Dropper.njRAT-9988317-0", "Win.Dropper.Raccoon-9988310-0", "Win.Dropper.Nanocore-9988136-0", "Win.Dropper.Zeus-9988134-0", "Win.Ransomware.Cerber-9988129-0", "Win.Trojan.Qakbot-9988002-1", "Win.Dropper.Formbook-9987985-0"]}