{"Win.Dropper.Bifrost-9993163-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0003"]}, {"bi": "pe-uses-iexpress", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-resource-lang-arabic", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": []}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-known-trojan-av", "hashes": ["0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-file-in-system-dir", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040"], "mitre_attack_tags": []}, {"bi": "pe-header-writable", "hashes": ["4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "unsigned-roaming-execution", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "mitre_attack_tags": []}, {"bi": "pe-imports-exe", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-initialsp", "hashes": ["df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialcs", "hashes": ["df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-header-overlap", "hashes": ["df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-checksum", "hashes": ["df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": []}, {"bi": "pe-unalign-hdr", "hashes": ["df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-spanish", "hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "registry-activesetup-key-modified", "hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-spynet-default-mutex-detected", "hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-pe-no-dos", "hashes": ["54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce"], "mitre_attack_tags": []}, {"bi": "pe-header-numofsymbols", "hashes": ["db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-visual-basic", "hashes": ["d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19"], "mitre_attack_tags": []}, {"bi": "pe-section-name-contains-whitespace", "hashes": ["d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19"], "mitre_attack_tags": []}, {"bi": "pe-packed-asprotect", "hashes": ["52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-system-dir", "hashes": ["1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-misspell-binary", "hashes": ["1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "pe-dos-header-relocations", "hashes": ["1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-pages", "hashes": ["1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder and client backdoor program configuration to allow a remote attacker who uses the client to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features such as a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. To mark its presence in the system, Bifrost uses a mutex that may be named \"Bif1234\" or \"Tr0gBot.\"", "hashes": ["0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2"], "iocs": {"domain": [{"hashes": ["54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557"], "host": "clmat73[.]duckdns[.]org"}], "file": [{"hashes": ["0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e"], "path": "%TEMP%\\IXP000.TMP\\Stub.exe"}, {"hashes": ["0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e"], "path": "%TEMP%\\IXP000.TMP\\haZl0oh.exe"}, {"hashes": ["0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19"], "path": "%TEMP%\\IXP000.TMP\\SERVER.EXE"}, {"hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "path": "%SystemRoot%\\SysWOW64\\logs.dat"}, {"hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "path": "%SystemRoot%\\SysWOW64\\Coffin Of Evil.exe"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\oem3.CAT"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%SystemRoot%\\INF\\oem3.inf"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\DriverStore\\INFCACHE.0"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%SystemRoot%\\INF\\oem3.PNF"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%APPDATA%\\Mastersoft\\Mirage Driver\\ZOOKDriverSetup.exe"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%APPDATA%\\Mastersoft\\Mirage Driver\\dfmirage.cat"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%APPDATA%\\Mastersoft\\Mirage Driver\\dfmirage.inf"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%APPDATA%\\Mastersoft\\Mirage Driver\\x64\\dfmirage.dll"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%APPDATA%\\Mastersoft\\Mirage Driver\\x64\\dfmirage.sys"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%APPDATA%\\Mastersoft\\Mirage Driver\\x86"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\DriverStore\\FileRepository\\dfmirage.inf_%PROCESSOR_ARCHITECTURE%_neutral_83b5f055f9286973"}, {"hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "path": "%TEMP%\\IXP000.TMP\\\u00e4\u00e6\u00c7\u00dd.EXE"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\DriverStore\\FileRepository\\dfmirage.inf_%PROCESSOR_ARCHITECTURE%_neutral_83b5f055f9286973\\dfmirage.PNF"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\DriverStore\\FileRepository\\dfmirage.inf_%PROCESSOR_ARCHITECTURE%_neutral_83b5f055f9286973\\x64"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\ZOOKDriverSetup.exe"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\ZOOKDriverSetup64.exe"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage.cat"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage.dll"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage.inf"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage.sys"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage64.cat"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage64.dll"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage64.inf"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage64.sys"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage7.cat"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage7.dll"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage7.inf"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%TEMP%\\IXP000.TMP\\dfmirage7.sys"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "path": "%TEMP%\\{6e20cf75-8771-08e4-ac9c-cf06f9c68b15}\\x64\\SET1C99.tmp"}, {"hashes": ["54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce"], "path": "%TEMP%\\IXP000.TMP\\sock4.exe"}, {"hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\DriverStore\\Temp\\{150fc9c3-ee36-0f44-7212-c11610ae4318}\\SETEDBD.tmp"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "path": "%System32%\\DriverStore\\Temp\\{4349f353-bd69-76d3-5a48-3b1a14900f42}\\SET213B.tmp"}, {"hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\DriverStore\\Temp\\{150fc9c3-ee36-0f44-7212-c11610ae4318}\\SETEE3B.tmp"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "path": "%System32%\\DriverStore\\Temp\\{4349f353-bd69-76d3-5a48-3b1a14900f42}\\SET218A.tmp"}, {"hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\DriverStore\\Temp\\{150fc9c3-ee36-0f44-7212-c11610ae4318}\\x64\\SETEC45.tmp"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "path": "%System32%\\DriverStore\\Temp\\{4349f353-bd69-76d3-5a48-3b1a14900f42}\\x64\\SET204F.tmp"}, {"hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\DriverStore\\Temp\\{150fc9c3-ee36-0f44-7212-c11610ae4318}\\x64\\SETED01.tmp"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "path": "%System32%\\DriverStore\\Temp\\{4349f353-bd69-76d3-5a48-3b1a14900f42}\\x64\\SET20CD.tmp"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "path": "%System32%\\DRIVERS\\SET346B.tmp"}, {"hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\DRIVERS\\SETC04.tmp"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8"], "path": "%System32%\\SET3A46.tmp"}, {"hashes": ["14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "path": "%System32%\\SET1613.tmp"}, {"hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557"], "path": "\\tempo\\stat2.dll"}, {"hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557"], "path": "\\tempo\\winas1.exe"}, {"hashes": ["d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557"], "path": "%TEMP%\\IXP000.TMP\\stub19n.exe"}], "ip": [], "mutex": [{"hashes": ["0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "cbc8e3d5589a02eef1f1ec1d96870903bc3ce6a445abc6271b7b777f1319d34c", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e"], "name": "Bif1234"}, {"hashes": ["52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "a2da494eb48b27c0866db394d9da53b78210dd4c68a8fcc68925d5124f9ffdc0", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "df8dabcc26df0e40c3e2e2ed7b9477891aeaaa8ee1a1d7f227c83d81b07fe9b2"], "name": "Global\\<random guid>"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "name": "DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}"}, {"hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "name": "Spy-Net"}, {"hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "name": "Spy-Net_Persist"}, {"hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "name": "Spy-Net_Sair"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "name": "SetuplogMutex"}, {"hashes": ["d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19"], "name": "Bif123"}], "registry": [{"hashes": ["0199b8abacc6d10add7b87ba0baf97673e638782ca43b6336ad6da87ce599d1d", "0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "0a98d4c81b1abdad17061c0ddec9d6239b4b7141523fe0ed45f9621d01b98583", "1171fa5d8b2597e9d372c04c0c889f0d99a1074e545ffe2888f1e88a5c999e35", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db", "28cbab6d8ef92706eab11d26cd9ef93fa511b3433790065f88f70f8cbeb86d89", "3b1c14bda01283311dd7f62882fd74e65735202f635323be30a5f98c0e2d009f", "4beed9c0549d7ada7dc8ad39669dbad611648c9b8957bc3e25298e00994a0b0f", "52da358a1b38f8105dd6f19c2601de4fc803cfdcd3b22c473f27701948cb6040", "54cec1ab049ef4eeca383b00c00e4a2a9845ca58edf123290a60563bc70fa7ce", "6d8e6e013c7f00884bfb72c06f5d7056b52aa83679a167f4ebf3393c28cfe3bd", "aa6482bcaad1facc238ada6b4c550c58acb522cae7502648db8ced6033bde2fa", "c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "c34c66c001427f13ea2927c30d8a7c2e391079deedc02e697837da643334b968", "d1c56ea372d6245f633d594be70cb61ffdfa5199d140823de63479aaf5872557", "d47657ffcd7eb8fef58015ef781d47c732220b9652ff4ad225fbb4ed9563ec19", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832", "de11ca3b3f81a5b7a9d6d3b6bdb0f23000cd82c4ead1e9c199147776b24fcd9e"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup0"}, {"hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{3G4L2686-J4L1-X5MV-12RE-JFH5V38F5030}", "value_name": "StubPath"}, {"hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69", "db69691fa03da43646cf603dd7c73982d27be89c1cb9b4d3badd3576e42d1832"], "key": "<HKCU>\\SOFTWARE\\COFFIN OF EVIL", "value_name": "FileName"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE", "value_name": "Type"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE", "value_name": "ErrorControl"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE", "value_name": "Tag"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE", "value_name": "ImagePath"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE", "value_name": "Group"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE", "value_name": "Start"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EVENTLOG\\SYSTEM\\DFMIRAGE", "value_name": null}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\DEVICE0", "value_name": null}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}", "value_name": null}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\VIDEO", "value_name": null}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\VIDEO", "value_name": null}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\0000", "value_name": null}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0003\\SETTINGS", "value_name": null}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\INVIDEOINSTALL", "value_name": null}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\SETUP\\PNPLOCKDOWNFILES", "value_name": "%SystemPath%\\system32\\DRIVERS\\dfmirage.sys"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\SETUP\\PNPLOCKDOWNFILES", "value_name": "%SystemPath%\\system32\\dfmirage.dll"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\GROUPORDERLIST", "value_name": "Video"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EVENTLOG\\SYSTEM\\DFMIRAGE", "value_name": "EventMessageFile"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EVENTLOG\\SYSTEM\\DFMIRAGE", "value_name": "TypesSupported"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\DEVICE0", "value_name": "HighResBootCompatible"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\DEVICE0", "value_name": "CapabilityOverride"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\DEVICE0", "value_name": "InstalledDisplayDrivers"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\DEVICE0", "value_name": "Attach.ToDesktop"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\DEVICE0", "value_name": "VgaCompatible"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\DEVICE0", "value_name": "MirrorDriver"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\DEVICE0", "value_name": "Device Description"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\VIDEO", "value_name": "Service"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\DFMIRAGE\\VIDEO", "value_name": "Service"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\ENUM\\ROOT\\DISPLAY\\0000\\DEVICE PARAMETERS", "value_name": "VideoID"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\0000", "value_name": "HighResBootCompatible"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\0000", "value_name": "CapabilityOverride"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\0000", "value_name": "InstalledDisplayDrivers"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\0000", "value_name": "Attach.ToDesktop"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\0000", "value_name": "VgaCompatible"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\0000", "value_name": "MirrorDriver"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\VIDEO\\{D3A43A86-910D-44AA-BF0C-18BDDCB118B6}\\0000", "value_name": "Device Description"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0003\\SETTINGS", "value_name": "HighResBootCompatible"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0003\\SETTINGS", "value_name": "CapabilityOverride"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0003\\SETTINGS", "value_name": "InstalledDisplayDrivers"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0003\\SETTINGS", "value_name": "Attach.ToDesktop"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0003\\SETTINGS", "value_name": "VgaCompatible"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0003\\SETTINGS", "value_name": "MirrorDriver"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0003\\SETTINGS", "value_name": "Device Description"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\PNPSYSPREP\\SERVICESTARTTYPEBACKUP", "value_name": "dfmirage"}, {"hashes": ["0357d948e0ad1377a41b06db264b67433553388074496e8a3b9d7e0d464dcfd8", "14a4c1408da2ae0d9762d82a2161a8a567e425c5b3543c3e9fe225d9aeb680db"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0003", "value_name": "FeatureScore"}, {"hashes": ["c329a63536aba1515a27e9df136521f49a4f28e905e05c351530a77591403c69"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ron"}]}, "reports_count": 21}, "Win.Dropper.Cerber-9993689-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "61d0f5e6ab7147b59153a2f446d5778ec04ce7b351f2e0a0669c7a82bb89d1db", "e3faa862cfacce2dd526f90a5112ca645985c8f9edb6ed0b2012523c66c14a32", "b393780f6b168798953a8d3b2f2a859d042b60d8a013a2385238587f175b9abc", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "82332488e17daa5917aafb06e4fe1854f960a3d01f7fec85ba50cd2fc63b35a8", "e3b5ce6842c8fa2c1037d58aa4a1424fa4089b39755e2b00c575f948e2b89c40", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "37916ebe997db8c5abee95de5dc4ee60792db18f5a23cd9bbb3b301a321c22ce", "f626d6e4f4e421aa380caa10bdda4f2624dad2bbfbeb187732207f3d4c1926f5", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "38f3433e21eeb74aa9de3987c9842a7a3b09b0947c0c2fad548d2c9a1146d18d", "9e5b5e4619da2e44f2915dfdfb14c57c82580299ab11c8214a081264fdd44acc", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "75c507c6bb4c61e97e17ac9c16ae13d9ab6ad934a6ea1962ef014bc0ec607e89", "d83b387414319ce8d132672b5311c057852ff413683c0fe49d752bdb147237f8", "15c99d9e00084189cdb2abc12a57ffdea53ea181371b7d5bef30c7e91d881f38", "1f9fc37a1c9df0e760d8efc1a8671dc50d214bf55782c091ec382e2a36acc4db", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "f6f158850b3dde3385499ecdafc2ef9ba1b2eb37b02a3ce76c3e3347aa272d05", "f064c33d423319607e3bfa771f6a7acab34b3daa130bfdbfdb554ee886d41e72", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "2808e6b2ebe3634f82b388f17e007478854ec366cb7fd09321b6ea128d3a2155", "e01baa616f8863c33bffa3c10b970766af4aad3b5b666d0e0b50e7ef7cf55446", "ddfb6bf3328852fc6e73d7dcfbf2db696e085e8dda7757465f40aa8b32361152", "f899f12df814d2f8cdd33864ad6cd5c7f8c4305a1b0ed4d3f845994978abcf32", "ef50489388dd956bb36ec5d29e869337e66417cf8cbc47207411a7027c8598ee", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "a0d8511d744da4c1dbf0de4d02ae8831da579a0aec7d6fb1fea296a4cd42bd1d", "b45ada058a241bc8e69bf499f1e4236f2e10a0ffa5afddf638733dad715f6b82", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "4fc3c2f8781ee6a2c07cf9c6573f6a93b86cbcf5ed046659b89a129e038f1c89", "3660b8b6775b3cb51e02de69df3ea7e7d33e416ff18dcb383bbfd9832b6f58c2", "f1a397df96b00ab54f46efb442d23f33d136babf5e2e2b58faf8d7b191675c1b", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b162f8d2ab92f50f9e18d60f462e36cbb5d7ec5bdd3d9015655ffc22c16aa0ab", "0e331f718ab1b3f3fab012b47f555ed2c3e14f751c833f280c0dd822cd18a1c6", "295a3be41b49bd5eacd29948c45be6df94a787c7873c9f73779f6cc473b2d088", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "eecbd7df302c9040d47f66e3c76d2a4f06a20a960b5eb283787ee210550ac6c9", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "203edf058978544a7df0461d63dd601475f37f8dbb27b9707065344e7e6ce8be", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "19301e15ac811ffb6bd39380ca618f5c5fb1826e4bc52f6aa6967e00d62dc634", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "61d0f5e6ab7147b59153a2f446d5778ec04ce7b351f2e0a0669c7a82bb89d1db", "e3faa862cfacce2dd526f90a5112ca645985c8f9edb6ed0b2012523c66c14a32", "b393780f6b168798953a8d3b2f2a859d042b60d8a013a2385238587f175b9abc", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "82332488e17daa5917aafb06e4fe1854f960a3d01f7fec85ba50cd2fc63b35a8", "e3b5ce6842c8fa2c1037d58aa4a1424fa4089b39755e2b00c575f948e2b89c40", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "37916ebe997db8c5abee95de5dc4ee60792db18f5a23cd9bbb3b301a321c22ce", "f626d6e4f4e421aa380caa10bdda4f2624dad2bbfbeb187732207f3d4c1926f5", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "38f3433e21eeb74aa9de3987c9842a7a3b09b0947c0c2fad548d2c9a1146d18d", "9e5b5e4619da2e44f2915dfdfb14c57c82580299ab11c8214a081264fdd44acc", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "75c507c6bb4c61e97e17ac9c16ae13d9ab6ad934a6ea1962ef014bc0ec607e89", "d83b387414319ce8d132672b5311c057852ff413683c0fe49d752bdb147237f8", "15c99d9e00084189cdb2abc12a57ffdea53ea181371b7d5bef30c7e91d881f38", "1f9fc37a1c9df0e760d8efc1a8671dc50d214bf55782c091ec382e2a36acc4db", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "f6f158850b3dde3385499ecdafc2ef9ba1b2eb37b02a3ce76c3e3347aa272d05", "f064c33d423319607e3bfa771f6a7acab34b3daa130bfdbfdb554ee886d41e72", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "2808e6b2ebe3634f82b388f17e007478854ec366cb7fd09321b6ea128d3a2155", "e01baa616f8863c33bffa3c10b970766af4aad3b5b666d0e0b50e7ef7cf55446", "ddfb6bf3328852fc6e73d7dcfbf2db696e085e8dda7757465f40aa8b32361152", "f899f12df814d2f8cdd33864ad6cd5c7f8c4305a1b0ed4d3f845994978abcf32", "ef50489388dd956bb36ec5d29e869337e66417cf8cbc47207411a7027c8598ee", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "a0d8511d744da4c1dbf0de4d02ae8831da579a0aec7d6fb1fea296a4cd42bd1d", "b45ada058a241bc8e69bf499f1e4236f2e10a0ffa5afddf638733dad715f6b82", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "4fc3c2f8781ee6a2c07cf9c6573f6a93b86cbcf5ed046659b89a129e038f1c89", "3660b8b6775b3cb51e02de69df3ea7e7d33e416ff18dcb383bbfd9832b6f58c2", "f1a397df96b00ab54f46efb442d23f33d136babf5e2e2b58faf8d7b191675c1b", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b162f8d2ab92f50f9e18d60f462e36cbb5d7ec5bdd3d9015655ffc22c16aa0ab", "0e331f718ab1b3f3fab012b47f555ed2c3e14f751c833f280c0dd822cd18a1c6", "295a3be41b49bd5eacd29948c45be6df94a787c7873c9f73779f6cc473b2d088", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "eecbd7df302c9040d47f66e3c76d2a4f06a20a960b5eb283787ee210550ac6c9", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "203edf058978544a7df0461d63dd601475f37f8dbb27b9707065344e7e6ce8be", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "19301e15ac811ffb6bd39380ca618f5c5fb1826e4bc52f6aa6967e00d62dc634", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-toolhelp", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "61d0f5e6ab7147b59153a2f446d5778ec04ce7b351f2e0a0669c7a82bb89d1db", "e3faa862cfacce2dd526f90a5112ca645985c8f9edb6ed0b2012523c66c14a32", "b393780f6b168798953a8d3b2f2a859d042b60d8a013a2385238587f175b9abc", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "82332488e17daa5917aafb06e4fe1854f960a3d01f7fec85ba50cd2fc63b35a8", "e3b5ce6842c8fa2c1037d58aa4a1424fa4089b39755e2b00c575f948e2b89c40", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "37916ebe997db8c5abee95de5dc4ee60792db18f5a23cd9bbb3b301a321c22ce", "f626d6e4f4e421aa380caa10bdda4f2624dad2bbfbeb187732207f3d4c1926f5", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "38f3433e21eeb74aa9de3987c9842a7a3b09b0947c0c2fad548d2c9a1146d18d", "9e5b5e4619da2e44f2915dfdfb14c57c82580299ab11c8214a081264fdd44acc", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "75c507c6bb4c61e97e17ac9c16ae13d9ab6ad934a6ea1962ef014bc0ec607e89", "d83b387414319ce8d132672b5311c057852ff413683c0fe49d752bdb147237f8", "15c99d9e00084189cdb2abc12a57ffdea53ea181371b7d5bef30c7e91d881f38", "1f9fc37a1c9df0e760d8efc1a8671dc50d214bf55782c091ec382e2a36acc4db", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "f6f158850b3dde3385499ecdafc2ef9ba1b2eb37b02a3ce76c3e3347aa272d05", "f064c33d423319607e3bfa771f6a7acab34b3daa130bfdbfdb554ee886d41e72", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "2808e6b2ebe3634f82b388f17e007478854ec366cb7fd09321b6ea128d3a2155", "e01baa616f8863c33bffa3c10b970766af4aad3b5b666d0e0b50e7ef7cf55446", "ddfb6bf3328852fc6e73d7dcfbf2db696e085e8dda7757465f40aa8b32361152", "f899f12df814d2f8cdd33864ad6cd5c7f8c4305a1b0ed4d3f845994978abcf32", "ef50489388dd956bb36ec5d29e869337e66417cf8cbc47207411a7027c8598ee", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "a0d8511d744da4c1dbf0de4d02ae8831da579a0aec7d6fb1fea296a4cd42bd1d", "b45ada058a241bc8e69bf499f1e4236f2e10a0ffa5afddf638733dad715f6b82", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "4fc3c2f8781ee6a2c07cf9c6573f6a93b86cbcf5ed046659b89a129e038f1c89", "3660b8b6775b3cb51e02de69df3ea7e7d33e416ff18dcb383bbfd9832b6f58c2", "f1a397df96b00ab54f46efb442d23f33d136babf5e2e2b58faf8d7b191675c1b", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b162f8d2ab92f50f9e18d60f462e36cbb5d7ec5bdd3d9015655ffc22c16aa0ab", "0e331f718ab1b3f3fab012b47f555ed2c3e14f751c833f280c0dd822cd18a1c6", "295a3be41b49bd5eacd29948c45be6df94a787c7873c9f73779f6cc473b2d088", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "eecbd7df302c9040d47f66e3c76d2a4f06a20a960b5eb283787ee210550ac6c9", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "203edf058978544a7df0461d63dd601475f37f8dbb27b9707065344e7e6ce8be", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "19301e15ac811ffb6bd39380ca618f5c5fb1826e4bc52f6aa6967e00d62dc634", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "memory-execute-readwrite", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "61d0f5e6ab7147b59153a2f446d5778ec04ce7b351f2e0a0669c7a82bb89d1db", "b393780f6b168798953a8d3b2f2a859d042b60d8a013a2385238587f175b9abc", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e3b5ce6842c8fa2c1037d58aa4a1424fa4089b39755e2b00c575f948e2b89c40", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "37916ebe997db8c5abee95de5dc4ee60792db18f5a23cd9bbb3b301a321c22ce", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "d83b387414319ce8d132672b5311c057852ff413683c0fe49d752bdb147237f8", "15c99d9e00084189cdb2abc12a57ffdea53ea181371b7d5bef30c7e91d881f38", "1f9fc37a1c9df0e760d8efc1a8671dc50d214bf55782c091ec382e2a36acc4db", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "2808e6b2ebe3634f82b388f17e007478854ec366cb7fd09321b6ea128d3a2155", "ddfb6bf3328852fc6e73d7dcfbf2db696e085e8dda7757465f40aa8b32361152", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b162f8d2ab92f50f9e18d60f462e36cbb5d7ec5bdd3d9015655ffc22c16aa0ab", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "203edf058978544a7df0461d63dd601475f37f8dbb27b9707065344e7e6ce8be", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "19301e15ac811ffb6bd39380ca618f5c5fb1826e4bc52f6aa6967e00d62dc634", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "61d0f5e6ab7147b59153a2f446d5778ec04ce7b351f2e0a0669c7a82bb89d1db", "b393780f6b168798953a8d3b2f2a859d042b60d8a013a2385238587f175b9abc", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e3b5ce6842c8fa2c1037d58aa4a1424fa4089b39755e2b00c575f948e2b89c40", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "37916ebe997db8c5abee95de5dc4ee60792db18f5a23cd9bbb3b301a321c22ce", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "d83b387414319ce8d132672b5311c057852ff413683c0fe49d752bdb147237f8", "15c99d9e00084189cdb2abc12a57ffdea53ea181371b7d5bef30c7e91d881f38", "1f9fc37a1c9df0e760d8efc1a8671dc50d214bf55782c091ec382e2a36acc4db", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "2808e6b2ebe3634f82b388f17e007478854ec366cb7fd09321b6ea128d3a2155", "ddfb6bf3328852fc6e73d7dcfbf2db696e085e8dda7757465f40aa8b32361152", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b162f8d2ab92f50f9e18d60f462e36cbb5d7ec5bdd3d9015655ffc22c16aa0ab", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "203edf058978544a7df0461d63dd601475f37f8dbb27b9707065344e7e6ce8be", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "19301e15ac811ffb6bd39380ca618f5c5fb1826e4bc52f6aa6967e00d62dc634", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "61d0f5e6ab7147b59153a2f446d5778ec04ce7b351f2e0a0669c7a82bb89d1db", "b393780f6b168798953a8d3b2f2a859d042b60d8a013a2385238587f175b9abc", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e3b5ce6842c8fa2c1037d58aa4a1424fa4089b39755e2b00c575f948e2b89c40", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "37916ebe997db8c5abee95de5dc4ee60792db18f5a23cd9bbb3b301a321c22ce", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "15c99d9e00084189cdb2abc12a57ffdea53ea181371b7d5bef30c7e91d881f38", "1f9fc37a1c9df0e760d8efc1a8671dc50d214bf55782c091ec382e2a36acc4db", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "2808e6b2ebe3634f82b388f17e007478854ec366cb7fd09321b6ea128d3a2155", "ddfb6bf3328852fc6e73d7dcfbf2db696e085e8dda7757465f40aa8b32361152", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b162f8d2ab92f50f9e18d60f462e36cbb5d7ec5bdd3d9015655ffc22c16aa0ab", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "203edf058978544a7df0461d63dd601475f37f8dbb27b9707065344e7e6ce8be", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "19301e15ac811ffb6bd39380ca618f5c5fb1826e4bc52f6aa6967e00d62dc634", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-encrypted-section", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "61d0f5e6ab7147b59153a2f446d5778ec04ce7b351f2e0a0669c7a82bb89d1db", "e3faa862cfacce2dd526f90a5112ca645985c8f9edb6ed0b2012523c66c14a32", "b393780f6b168798953a8d3b2f2a859d042b60d8a013a2385238587f175b9abc", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "82332488e17daa5917aafb06e4fe1854f960a3d01f7fec85ba50cd2fc63b35a8", "e3b5ce6842c8fa2c1037d58aa4a1424fa4089b39755e2b00c575f948e2b89c40", "37916ebe997db8c5abee95de5dc4ee60792db18f5a23cd9bbb3b301a321c22ce", "f626d6e4f4e421aa380caa10bdda4f2624dad2bbfbeb187732207f3d4c1926f5", "38f3433e21eeb74aa9de3987c9842a7a3b09b0947c0c2fad548d2c9a1146d18d", "9e5b5e4619da2e44f2915dfdfb14c57c82580299ab11c8214a081264fdd44acc", "75c507c6bb4c61e97e17ac9c16ae13d9ab6ad934a6ea1962ef014bc0ec607e89", "15c99d9e00084189cdb2abc12a57ffdea53ea181371b7d5bef30c7e91d881f38", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "2808e6b2ebe3634f82b388f17e007478854ec366cb7fd09321b6ea128d3a2155", "e01baa616f8863c33bffa3c10b970766af4aad3b5b666d0e0b50e7ef7cf55446", "ddfb6bf3328852fc6e73d7dcfbf2db696e085e8dda7757465f40aa8b32361152", "ef50489388dd956bb36ec5d29e869337e66417cf8cbc47207411a7027c8598ee", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "3660b8b6775b3cb51e02de69df3ea7e7d33e416ff18dcb383bbfd9832b6f58c2", "b162f8d2ab92f50f9e18d60f462e36cbb5d7ec5bdd3d9015655ffc22c16aa0ab", "0e331f718ab1b3f3fab012b47f555ed2c3e14f751c833f280c0dd822cd18a1c6", "295a3be41b49bd5eacd29948c45be6df94a787c7873c9f73779f6cc473b2d088", "eecbd7df302c9040d47f66e3c76d2a4f06a20a960b5eb283787ee210550ac6c9", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "203edf058978544a7df0461d63dd601475f37f8dbb27b9707065344e7e6ce8be", "19301e15ac811ffb6bd39380ca618f5c5fb1826e4bc52f6aa6967e00d62dc634"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-modified", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-executable", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "d83b387414319ce8d132672b5311c057852ff413683c0fe49d752bdb147237f8", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-invalid-checksum", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "e3faa862cfacce2dd526f90a5112ca645985c8f9edb6ed0b2012523c66c14a32", "82332488e17daa5917aafb06e4fe1854f960a3d01f7fec85ba50cd2fc63b35a8", "f626d6e4f4e421aa380caa10bdda4f2624dad2bbfbeb187732207f3d4c1926f5", "38f3433e21eeb74aa9de3987c9842a7a3b09b0947c0c2fad548d2c9a1146d18d", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "3660b8b6775b3cb51e02de69df3ea7e7d33e416ff18dcb383bbfd9832b6f58c2", "f1a397df96b00ab54f46efb442d23f33d136babf5e2e2b58faf8d7b191675c1b", "0e331f718ab1b3f3fab012b47f555ed2c3e14f751c833f280c0dd822cd18a1c6", "295a3be41b49bd5eacd29948c45be6df94a787c7873c9f73779f6cc473b2d088"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-hide-files", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "unsigned-roaming-execution", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "listening-port-opened", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "startup-folder-modification", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-large-data-entry", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "excessive-udp-connections", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "malware-ransomware-cerber", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "startup-folder-lnk-file", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "recycler-file-creation", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-name-contains-whitespace", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": []}, {"bi": "registry-autorun-commandprocessor", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "screen-saver-modified", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "process-check-deep-freeze", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-check-analysis-tools", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["61d0f5e6ab7147b59153a2f446d5778ec04ce7b351f2e0a0669c7a82bb89d1db", "b393780f6b168798953a8d3b2f2a859d042b60d8a013a2385238587f175b9abc", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e3b5ce6842c8fa2c1037d58aa4a1424fa4089b39755e2b00c575f948e2b89c40", "37916ebe997db8c5abee95de5dc4ee60792db18f5a23cd9bbb3b301a321c22ce", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "d83b387414319ce8d132672b5311c057852ff413683c0fe49d752bdb147237f8", "15c99d9e00084189cdb2abc12a57ffdea53ea181371b7d5bef30c7e91d881f38", "1f9fc37a1c9df0e760d8efc1a8671dc50d214bf55782c091ec382e2a36acc4db", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "2808e6b2ebe3634f82b388f17e007478854ec366cb7fd09321b6ea128d3a2155", "ddfb6bf3328852fc6e73d7dcfbf2db696e085e8dda7757465f40aa8b32361152", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "b162f8d2ab92f50f9e18d60f462e36cbb5d7ec5bdd3d9015655ffc22c16aa0ab", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "203edf058978544a7df0461d63dd601475f37f8dbb27b9707065344e7e6ce8be", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "19301e15ac811ffb6bd39380ca618f5c5fb1826e4bc52f6aa6967e00d62dc634"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "process-requested-named-pipe", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "created-executable-sample-appdata", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "excessive-sample-duplication", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": []}, {"bi": "localhost-ipaddress-detected", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": []}, {"bi": "network-benign-process", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-certificate", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": []}, {"bi": "modified-file-on-usb", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-requested-file-external-drive", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "lnk-no-creation-date", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0002", "T1203"]}, {"bi": "malware-ruskill-mutex-detected", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": []}, {"bi": "artifact-lnk-calls-cmd-exit", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-multiple-extensions", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "dns-query-nxdomain", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-section-execute-writable", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-snort-protocol", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c"], "mitre_attack_tags": []}, {"bi": "fake-recycler-folder-creation", "hashes": ["baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "file-ini-modified", "hashes": ["baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd"], "mitre_attack_tags": ["TA0003"]}, {"bi": "recycler-exe-artifact", "hashes": ["baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-recycler-dir", "hashes": ["baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "fake-recycler-registration", "hashes": ["baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "fake-recycler-exe-creation", "hashes": ["baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-disable-windefender", "hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-check-zone-identifier", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "network-opendns-malicious", "hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "pe-uses-armadillo", "hashes": ["35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "dns-public-server-contacted", "hashes": ["35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "http-response-client-error", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "html-page-not-found", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-disablesuac", "hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1548", "T1562"]}, {"bi": "artifact-vm-detect", "hashes": ["adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": []}, {"bi": "process-check-virtualbox", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "registry-image-file-execution-debugger", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "image-file-execution-options-set", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "image-file-execution-options-set-to-malicious-value", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "disables-windows-firewall", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-check-vmware", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-betabot-registry-key", "hashes": ["33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": ["TA0002", "TA0005", "T1059", "T1112"]}, {"bi": "windows-util-nslookup", "hashes": ["c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "mitre_attack_tags": ["TA0007"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0011"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "feed-domain-banking", "hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": []}, {"bi": "malware-chthonic-rat-detected", "hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-fareit-file-activity", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "url-not-found", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954"], "mitre_attack_tags": []}, {"bi": "registry-created-user", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-generic-infostealer", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "f899f12df814d2f8cdd33864ad6cd5c7f8c4305a1b0ed4d3f845994978abcf32"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": []}, {"bi": "enumeration-email-program-information", "hashes": ["3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "network-communications-http-get", "hashes": ["ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "artifact-lnk-calls-mshta", "hashes": ["a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "enumeration-volumes", "hashes": ["fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "at-created-task-and-hidden-file-disabled", "hashes": ["94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-dns-category-phishing", "hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": []}, {"bi": "altered-sample-snort-flagged", "hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "html-malicious-page-not-found", "hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": []}, {"bi": "html-phishing-page-not-found", "hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f"], "mitre_attack_tags": []}, {"bi": "possible-dga-communication", "hashes": ["8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-communications-smtp", "hashes": ["35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031"], "mitre_attack_tags": []}, {"bi": "url-gate-php", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "windows-firewall-halted", "hashes": ["943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "net-service-stop", "hashes": ["943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "malware-madness-pro", "hashes": ["943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "modified-file-in-program-dir", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": []}, {"bi": "dns-bypassed-assigned-server", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-dns-safe-categories", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": []}, {"bi": "internet-explorer-phishing", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-service-schedule-and-task-path", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "deleted-executable-in-program-dir", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": []}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "process-long-cmdline", "hashes": ["3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "files-deleted-used-batch", "hashes": ["3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "http-response-redirect", "hashes": ["ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954"], "mitre_attack_tags": []}, {"bi": "sample-pe-modified-on-disk", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "windows-firewall-modification", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "eml-same-sender-recipient", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "outlook-express-com-server", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0009", "TA0003", "TA0004", "T1114", "T1546"]}, {"bi": "eml-link", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "eml-mismatched-name-to-header", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "pe-subtype-com", "hashes": ["654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0003"]}, {"bi": "command-deleted-shadow-copy", "hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": []}, {"bi": "registry-systemrestore-disabled", "hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "malware-cryptowall-dropper-detected", "hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns, other file extensions are used.", "hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0e331f718ab1b3f3fab012b47f555ed2c3e14f751c833f280c0dd822cd18a1c6", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "15c99d9e00084189cdb2abc12a57ffdea53ea181371b7d5bef30c7e91d881f38", "19301e15ac811ffb6bd39380ca618f5c5fb1826e4bc52f6aa6967e00d62dc634", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "1f9fc37a1c9df0e760d8efc1a8671dc50d214bf55782c091ec382e2a36acc4db", "203edf058978544a7df0461d63dd601475f37f8dbb27b9707065344e7e6ce8be", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "2808e6b2ebe3634f82b388f17e007478854ec366cb7fd09321b6ea128d3a2155", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "295a3be41b49bd5eacd29948c45be6df94a787c7873c9f73779f6cc473b2d088", "33c027dc736af58e3cf4d9bd76abbbfc6adf461e1d942db0d0f7d06b513c8c94", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031", "3660b8b6775b3cb51e02de69df3ea7e7d33e416ff18dcb383bbfd9832b6f58c2", "37916ebe997db8c5abee95de5dc4ee60792db18f5a23cd9bbb3b301a321c22ce", "37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3", "38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255", "38f3433e21eeb74aa9de3987c9842a7a3b09b0947c0c2fad548d2c9a1146d18d", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "4fc3c2f8781ee6a2c07cf9c6573f6a93b86cbcf5ed046659b89a129e038f1c89", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "61d0f5e6ab7147b59153a2f446d5778ec04ce7b351f2e0a0669c7a82bb89d1db", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "75c507c6bb4c61e97e17ac9c16ae13d9ab6ad934a6ea1962ef014bc0ec607e89", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "82332488e17daa5917aafb06e4fe1854f960a3d01f7fec85ba50cd2fc63b35a8", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "9e5b5e4619da2e44f2915dfdfb14c57c82580299ab11c8214a081264fdd44acc", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a0d8511d744da4c1dbf0de4d02ae8831da579a0aec7d6fb1fea296a4cd42bd1d", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089", "ae01f0fd6f786159f0f3f26e90e05d3869fb190176090ac479a55c4d8988f954", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b162f8d2ab92f50f9e18d60f462e36cbb5d7ec5bdd3d9015655ffc22c16aa0ab", "b393780f6b168798953a8d3b2f2a859d042b60d8a013a2385238587f175b9abc", "b45ada058a241bc8e69bf499f1e4236f2e10a0ffa5afddf638733dad715f6b82", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a", "d83b387414319ce8d132672b5311c057852ff413683c0fe49d752bdb147237f8", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "ddfb6bf3328852fc6e73d7dcfbf2db696e085e8dda7757465f40aa8b32361152", "e01baa616f8863c33bffa3c10b970766af4aad3b5b666d0e0b50e7ef7cf55446", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04", "e3b5ce6842c8fa2c1037d58aa4a1424fa4089b39755e2b00c575f948e2b89c40", "e3faa862cfacce2dd526f90a5112ca645985c8f9edb6ed0b2012523c66c14a32", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "eecbd7df302c9040d47f66e3c76d2a4f06a20a960b5eb283787ee210550ac6c9", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "ef50489388dd956bb36ec5d29e869337e66417cf8cbc47207411a7027c8598ee", "f064c33d423319607e3bfa771f6a7acab34b3daa130bfdbfdb554ee886d41e72", "f1a397df96b00ab54f46efb442d23f33d136babf5e2e2b58faf8d7b191675c1b", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f626d6e4f4e421aa380caa10bdda4f2624dad2bbfbeb187732207f3d4c1926f5", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "f6f158850b3dde3385499ecdafc2ef9ba1b2eb37b02a3ce76c3e3347aa272d05", "f899f12df814d2f8cdd33864ad6cd5c7f8c4305a1b0ed4d3f845994978abcf32", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "iocs": {"domain": [{"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "api[.]wipmania[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema2[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema3[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema4[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema5[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema6[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema7[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema8[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema9[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema10[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema11[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema12[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema13[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema1[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema14[.]com"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "host": "a[.]najwahaifamelema15[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a5[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a6[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a9[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a1[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a10[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a2[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a3[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a4[.]com"}, {"hashes": ["0fdec37e33050abc0186bcdac49c6e677fe22dd52174846a87d5b3135fdb7028", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "host": "count-x[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a7[.]com"}, {"hashes": ["9abbdd26d5deb63881071512afd4081fc7513e1ab4c1cc77d285484a1610a59c", "adb7fc1758cbfd9d2fa68357b54406efaeeb2cbb7a6beeed44a17ce2a0c16089"], "host": "nutqlfkq123a8[.]com"}, {"hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "host": "wachaoutlol[.]com"}, {"hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "host": "freqysonsi[.]com"}, {"hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "host": "youblomesa[.]com"}, {"hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "host": "terasponsor[.]com"}, {"hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "host": "mustufacka[.]com"}, {"hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "host": "gandaband[.]com"}, {"hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "host": "drongobast[.]com"}, {"hashes": ["722fab49e11fffd69225bbb0590fd8fc5091d4ea4ed2d3619e1ffb8dca0f1759"], "host": "footserda[.]com"}, {"hashes": ["584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1"], "host": "count-x[.]net"}, {"hashes": ["943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c"], "host": "infinitysolutions[.]name"}, {"hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "host": "babamamama[.]com"}, {"hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "host": "martsblazer[.]com"}, {"hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "host": "jollyhollypanzer[.]com"}, {"hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "host": "a2kiaymoster13902[.]com"}, {"hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "host": "a2kiaymoster14902[.]com"}, {"hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "host": "a2kiaymoster15902[.]com"}, {"hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "host": "a2kiaymoster1902[.]com"}, {"hashes": ["eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "host": "a2kiaymoster12902[.]com"}, {"hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "host": "bossmaytellu[.]com"}, {"hashes": ["b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6"], "host": "godblessmikenigga[.]com"}, {"hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "host": "1[.]e8d151b95eff86fe257419ea54879fd35f72746c7985ae949a[.]search[.]google[.]com"}, {"hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "host": "6[.]0[.]0[.]300[.]4083029023[.]201759697[.]0[.]0[.]e8d151b95eff86fe257419ea54879fd35f72746c7985ae949a[.]google[.]com"}, {"hashes": ["d337f1e65f568830654e5ea5c9990a73bff97a145c786e2f34aeb20e7dfc677a"], "host": "redtdram[.]com"}], "file": [{"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "path": "\\$Recycle.bin\\S-1-5-21-2580483871-590521980-3826313501-500\\$ast-S-1-5-21-2580483871-590521980-3826313501-500"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "\\$RECYCLE.BIN.lnk"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "\\System_Volume_Information.lnk"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "\\jsdrpAj.exe"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "E:\\$RECYCLE.BIN.lnk"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "E:\\System_Volume_Information.lnk"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "E:\\c731200"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "E:\\jsdrpAj.exe"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "%APPDATA%\\c731200"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "%TEMP%\\c731200"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "%TEMP%\\Adobe"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "%TEMP%\\Adobe\\Reader_sl.exe"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "path": "%APPDATA%\\Identities\\Uoawaq.exe"}, {"hashes": ["580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04"], "path": "\\RECYCLER"}, {"hashes": ["10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\cipher.lnk"}, {"hashes": ["10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\cipher.exe"}, {"hashes": ["7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\xpsrchvw.lnk"}, {"hashes": ["072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\wuapp.lnk"}, {"hashes": ["4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\ntkrnlpa.lnk"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\CertEnrollCtrl.lnk"}, {"hashes": ["1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\PkgMgr.lnk"}, {"hashes": ["3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\Dism.lnk"}, {"hashes": ["3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\Dism.exe"}, {"hashes": ["c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\nslookup.exe"}, {"hashes": ["c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\nslookup.lnk"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\CertEnrollCtrl.exe"}, {"hashes": ["7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\xpsrchvw.exe"}, {"hashes": ["4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\ntkrnlpa.exe"}, {"hashes": ["1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\PkgMgr.exe"}, {"hashes": ["072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e"], "path": "%APPDATA%\\Microsoft\\Windows\\IEUpdate\\wuapp.exe"}, {"hashes": ["580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7"], "path": "\\RECYCLER\\S-1-5-21-0243556031-888888379-781862338-166110941"}, {"hashes": ["580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7"], "path": "\\RECYCLER\\S-1-5-21-0243556031-888888379-781862338-166110941\\Desktop.ini"}, {"hashes": ["580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7"], "path": "\\RECYCLER\\S-1-5-21-0243556031-888888379-781862338-166110941\\z6106911.exe"}, {"hashes": ["bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04"], "path": "\\RECYCLER\\S-1-5-21-0243556031-888888379-781862338-921171881"}, {"hashes": ["bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04"], "path": "\\RECYCLER\\S-1-5-21-0243556031-888888379-781862338-921171881\\1873dq8.exe"}, {"hashes": ["bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04"], "path": "\\RECYCLER\\S-1-5-21-0243556031-888888379-781862338-921171881\\Desktop.ini"}, {"hashes": ["5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "d83b387414319ce8d132672b5311c057852ff413683c0fe49d752bdb147237f8"], "path": "%TEMP%\\<random, matching '[a-z]{4,9}'>.exe"}, {"hashes": ["037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "path": "\\$Recycle.Bin\\<User SID>\\$ast-S-1-5-21-2580483871-590521980-3826313501-500\\tfOc1LY0wOYAD6FA4uOgnU.dat"}, {"hashes": ["037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9"], "path": "%TEMP%\\tmpE33C.exe"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876"], "path": "%ProgramData%\\msxospssk.exe"}, {"hashes": ["baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f"], "path": "\\RECYCLER\\S-1-5-21-0243556031-888888379-781862338-92111881\\183dq8.exe"}, {"hashes": ["baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f"], "path": "\\RECYCLER\\S-1-5-21-0243556031-888888379-781862338-92111881\\Desktop.ini"}, {"hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "path": "%APPDATA%\\Igsafo\\gadu.exe"}, {"hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "path": "%SystemRoot%\\Fonts\\ODiH2.exe"}, {"hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "path": "%SystemRoot%\\SysWOW64\\ODiH2.exe"}, {"hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "path": "%LOCALAPPDATA%\\ODiH2.exe"}, {"hashes": ["654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef"], "path": "%LOCALAPPDATA%\\CrashDumps\\mpjhnbjw.exe"}, {"hashes": ["3ce95b260f730ebebc8cf735a23960164c98b4a542f7058b140e81ae9ad4baf7"], "path": "%TEMP%\\587079943.bat"}], "ip": [{"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "ip": "146[.]185[.]220[.]111"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "ip": "199[.]2[.]137[.]29"}, {"hashes": ["060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "ip": "94[.]220[.]232[.]237"}, {"hashes": ["3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3"], "ip": "37[.]143[.]193[.]119"}, {"hashes": ["037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7"], "ip": "72[.]12[.]192[.]41"}, {"hashes": ["0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d"], "ip": "37[.]49[.]224[.]80"}, {"hashes": ["037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "ip": "74[.]242[.]165[.]171"}, {"hashes": ["060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f"], "ip": "132[.]206[.]107[.]8"}, {"hashes": ["284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3"], "ip": "122[.]133[.]88[.]223"}, {"hashes": ["284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710"], "ip": "219[.]66[.]179[.]33"}, {"hashes": ["037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1"], "ip": "99[.]198[.]64[.]149"}, {"hashes": ["757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "ip": "173[.]16[.]22[.]29"}, {"hashes": ["06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d"], "ip": "68[.]41[.]230[.]151"}, {"hashes": ["21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1"], "ip": "72[.]195[.]181[.]32"}, {"hashes": ["1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b"], "ip": "190[.]105[.]70[.]165"}, {"hashes": ["0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "ip": "150[.]107[.]214[.]94"}, {"hashes": ["06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f"], "ip": "221[.]154[.]138[.]182"}, {"hashes": ["478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f"], "ip": "186[.]10[.]71[.]45"}, {"hashes": ["037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e"], "ip": "138[.]130[.]68[.]113"}, {"hashes": ["0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3"], "ip": "182[.]74[.]9[.]51"}, {"hashes": ["3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b"], "ip": "60[.]62[.]134[.]208"}, {"hashes": ["3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3"], "ip": "217[.]117[.]7[.]115"}, {"hashes": ["3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f"], "ip": "172[.]242[.]113[.]103"}, {"hashes": ["060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399"], "ip": "75[.]105[.]52[.]218"}, {"hashes": ["42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "ip": "114[.]35[.]114[.]129"}, {"hashes": ["037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3"], "ip": "98[.]249[.]114[.]42"}, {"hashes": ["06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3"], "ip": "202[.]57[.]10[.]53"}, {"hashes": ["10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e"], "ip": "67[.]158[.]166[.]125"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e"], "ip": "67[.]242[.]0[.]27"}, {"hashes": ["21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f"], "ip": "172[.]243[.]197[.]237"}, {"hashes": ["0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "ip": "217[.]23[.]11[.]180"}, {"hashes": ["060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "ip": "76[.]177[.]184[.]239"}, {"hashes": ["060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f"], "ip": "79[.]116[.]249[.]155"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1"], "ip": "1[.]168[.]203[.]177"}, {"hashes": ["0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3"], "ip": "91[.]66[.]102[.]153"}, {"hashes": ["0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3"], "ip": "67[.]82[.]83[.]27"}, {"hashes": ["3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022"], "ip": "85[.]86[.]71[.]34"}, {"hashes": ["0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c"], "ip": "72[.]85[.]246[.]251"}, {"hashes": ["0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb"], "ip": "59[.]171[.]10[.]110"}, {"hashes": ["037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "ip": "174[.]113[.]170[.]84"}, {"hashes": ["514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3"], "ip": "182[.]74[.]119[.]182"}, {"hashes": ["0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1"], "ip": "59[.]171[.]32[.]22"}, {"hashes": ["0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "ip": "122[.]26[.]79[.]151"}, {"hashes": ["3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "ip": "24[.]121[.]9[.]167"}, {"hashes": ["072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1"], "ip": "108[.]184[.]119[.]207"}, {"hashes": ["0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3"], "ip": "129[.]24[.]2[.]67"}, {"hashes": ["072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f"], "ip": "111[.]243[.]33[.]118"}, {"hashes": ["072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "ip": "98[.]206[.]145[.]217"}, {"hashes": ["8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3"], "ip": "175[.]213[.]187[.]25"}, {"hashes": ["1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3"], "ip": "89[.]32[.]219[.]165"}], "mutex": [{"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "name": "Frz_State"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "name": "shell.{C7036634-CCD0-7DFF-8826-3DEB3B7F4A3E}"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "name": "shell.{18A81F10-BD38-0CDB-EF51-7696490D1424}"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "name": "c731200"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "name": "SSLOADasdasc000300"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "name": "-43993de0Mutex"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "name": "SVCHOST_MUTEX_OBJECT_RELEASED_c000300"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "name": "FvLQ49I\u0013\u2013\u00c0zLjj6m"}, {"hashes": ["8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f"], "name": "SSLOADasdasc000900"}, {"hashes": ["943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c"], "name": "GH5K-GKL8-CPP4-DE24"}, {"hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "name": "Local\\{A95EDA1C-EEE2-09FD-FF48-D36CE9A5618F}"}, {"hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "name": "Local\\{DB29A428-90D6-7B8A-FF48-D36CE9A5618F}"}, {"hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "name": "Local\\{12B0A59F-9161-B213-FF48-D36CE9A5618F}"}, {"hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "name": "Local\\{E54AD8D8-EC26-45E9-FF48-D36CE9A5618F}"}, {"hashes": ["8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f"], "name": "SVCHOST_MUTEX_OBJECT_RELEASED_c000900"}, {"hashes": ["8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f"], "name": "-65b46629Mutex"}, {"hashes": ["8a31b4848a103a3292bba78161cc402eee6b8d9e75b41258fc994411d2b9673f"], "name": "FvLQ49I\u0013\u008d\u00c0zLjj6m"}, {"hashes": ["37d74ffc805cb18b38b59dc6f1982e78ec5fb6d458373451779e23bd5f21e8c3"], "name": "GLOBAL\\{<random GUID>}"}, {"hashes": ["35853dfe6731d377efc7fbe049a6a2fc0d6cde89ad82b4a2968c8b118e8d2031"], "name": "{FFCEE3F2-AB33-AF5A-6FA1-731547ACF820}"}, {"hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "name": "Global\\0w5kSbK8156j"}, {"hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "name": "Global\\V3W6x3pCHBS3"}, {"hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "name": "Global\\fdjfidjOIAFJ"}, {"hashes": ["38b2606a56f63721f744eac093b50e2df5cd4b8cf6bef14ab4c8525a4b690255"], "name": "Global\\uAvO6F8bgarN"}, {"hashes": ["654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef"], "name": "Wipdjrgugx"}, {"hashes": ["654aa52ae3de9f6843f8b61c1344c884df121cf1fcb23848ab4d4c0079c370ef"], "name": "Wipdjrgugx_970"}], "registry": [{"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0", "value_name": null}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\30002", "value_name": null}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\30002", "value_name": "DS@Busf"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\30002", "value_name": "ET@Busf"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{F3F18253-2050-E690-FED7-0BE7DF1E790D}", "value_name": null}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\DISCARDABLE\\POSTSETUP\\COMPONENT CATEGORIES\\{F3F18253-2050-E690-FED7-0BE7DF1E790D}\\ENUM", "value_name": null}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS", "value_name": null}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS", "value_name": null}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP", "value_name": null}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "037e63fa3cfd335313e3cb78d14b0e0a779c4da19a7646d75403858a879d70f9", "0529bd46932a20e14da07133bd2614e7f81ef08a6ad26764ef9d732dd4988e35", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "06577101079df0a09060e0eb44b8c6eda8255f138ed3c5af2b669039567f51c5", "072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "0fd57d56f1a5aa99eb20e4d15a31363292ead1d949734cc54570c9bb3fd53d03", "10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "3d426b7064f1d2dd537433dd263cbc3f049f3a01261e4f1e93d9dbbd9689d3e4", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "478c99de0dcee5ab3da347112b287cdae59780f1cc2f5c5d01e646d8d927474d", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "55cf600f0eac84ea1af8fcbb602d59e00498c86ae3b3221f63eb7506904e31e1", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "6a38e36c3c79a10d84b1df2a28b6fc3c650bd2799b8ab2ce5e869ecf5e7ee92c", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "7a5307616f8987e9e9991b4b3b0c9a50daeb18947426bc010f3e043ae1ffe658", "7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "9ee10a8a4ae234cda9f7c4d329142208d8b638269143be2ac4ea10071c21d0b5", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bc225ff15a0644c18094284c4e502f3ecbddb86fed694631326856f0ed0164e7", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "ed9206075e59643ee7f26257e1acb9f53c1758fd53cdfa269e5323f686a1c5d3", "ef1b63884af89306dabf230b9c25410dac0c26c974083d1d2a0ddd2d201cd6a3", "f3efbedbcdf30498ed948c6bb1aec6107c76a95bd5000fb9b52766253bd6ee3d", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\30002", "value_name": "ET@Cu~d"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "060fb684fd152f2546906c5b85485c24d4e94c7b5e8b93458097d7014154ccc9", "0f074c20be427e86895db557908d85e833b1c2b1a765ea17bf9d1dcd77aa1ad1", "0fd02c1cf5e471eccd229ab0534077e3dda91308acbaa6b4e8a15d4fc97b6b98", "1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9", "284e151ec6597ce6ccc0fb1848d44177bdb351ee0ad00b360014ea7ac5a31d84", "3445899a37c24d910f0f91f4a330c26054f3f0018b6c44fe619fe4887673786a", "3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "3ca55dfb0daf326b2f643596c081276febf119e8da00f9d7d027a877b9b143d0", "42ee13d14f840858d94c7e8712c75455bc6828b65d02d2c798f8e304348bd21d", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e", "4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "514670325741ff21596e562511ff1e7ad12b7a627cdbeedc67b93ed44f3e732e", "5317f8a165ff205a65635eec691450948e7846ef1a70bca64b03ff4f8523cd97", "64b287518fbff6bdf964537422e415bcb3435dc73fa98e767f6df01b8d092f5f", "6830b989159440052c7fb38c5a78edd1cf3574b33e9d4e25863a8280d7249b11", "6971cad8f0b8e9de3bb406ec10956e0ee095a47d127c7b245379fdd66cf5f32e", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312", "7554e314af227056d5b542909815beb58fe0a2ca50b406d18e1263e04f5d91f3", "757fbdc22c3a597eb40bca8f50f71d0bc59d874bbadee0709a7d3d7631896626", "8d96be2882017859c132e29135bfa8389fc518c7a8fa115987cb81ab8ee58399", "8df01a08896f45bf84ba3bfe6d0b1bf7539bc00a71794e4126502c1650cb593e", "91e17a189ddc9dfec52d8d36621c9e860b0dc025e2f77112196d0ecec2008332", "94281f5e13a94a424a2704cfd6f5db503f8fc1d8753edd7b88a1b72d2c9c75ef", "9a1c47f337e892d67effafa70018fe9cf0e56d0c51a019989a97245e75d0be3d", "a98fb6e329c2046d296dccac5580f1bf2b8fd6186913deb9cddcafc09be0813c", "b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167", "e51930227c1f303ca6b34fa94170d81f0512165ff7308526f5c68197f347e2cb", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1", "fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\OUTLOOK EXPRESS\\5.0\\SHARED SETTINGS\\SETUP\\10002", "value_name": null}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Adobe System Incorporated"}, {"hashes": ["129bdda489f6349ec751d65c7ce8723941ed40d1ef1dd546371dccd597720ffc", "35752610b7219f53b5a5de2448f0a60175abe48204384ee55ac898dcb95dea66", "7e9b585b5bb50aec1f77132d85ac19cfcde0ff46341ceeb8dd17f558d111624a", "a7da8ed5b35cbf0ce2d235e2520d394186740963d0f4649e8ccb684653759f30", "b719a30f482e0c48982b91cc2575da1d57eedce245cac9844ada69722c4264f4", "b89daedb507a3beac6eca4e5065ffa9f1f50694f0cabeb8be1bc9a8970a49082", "c42dfe64f1735b6d4bfb09403d3456ff6138be8e58447f05028ddbbcf6b43613", "cd9884124884492086133dfad6156b7d8004cb189fef0e089a2b6129865ffc19", "e47dd4e61d7441fd7b9f1ad21dc1aafd9c03fdeb84db7a230c59b90d98a2841f", "ea32abddea0da67213ee9022c45e5554e6b0187a43ca224e743a848c4f45e3b7", "f9d8e319c20af4a7ee83929537cdbd49e0e27db8e08bef506dbb6d879d807252"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Uoawaq"}, {"hashes": ["580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Taskman"}, {"hashes": ["580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7", "baeadc69299f16afc9cddaf010a8dcec6e4ab739ea880d3f3f2e39dc5c4f1f6f", "bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Shell"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "b4a7534abef4ef11d117b35e73a0fbb0f1fcc6e9500cff101b9db5b2bf78f8e6", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS", "value_name": "Start"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["3bcd9037e33d95aed6b24bc62ddcfcd5e0e33a88c067a068b3262b648f21b876", "584f53a8d11f2e3b7835a2aeaf0d42448dd064854d954c51eec6e0e4b17f80c1", "eb35c000eeb1d368e452a6eef6c1d162b998228f41e4691c70ae97601e8e6442"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cipher"}, {"hashes": ["10362bfd9ff8f18e62e3820f517a90a157b6fa7a546a8c8f5f6130dfdd3de88b", "bcb99f7cd04b670f21c60f63ff3549197affb1efa90ec9c00702540d581fee7f", "f68c5d2b029a43c0a265012f51f77dc0ba6dd72a44c3457606a600a9b08359d1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "cipher"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "CertEnrollCtrl"}, {"hashes": ["00ec05a0fd4ccd413e28f89d1443089eda2e50becdc97e2b44a6e74c55d65fb8", "db9506aeffa9157c1e3a3f0a9852a96222d4b4c3b6937c2b1cb4ea5a10c2be4b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "CertEnrollCtrl"}, {"hashes": ["4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ntkrnlpa"}, {"hashes": ["4e7b0a65c1c022ac01703abcd924b9430289ad2fd0739b4d840eb32dcaf63258", "71a988b2ace69974a4e85a98621b8782decdb5255ff499fb04fb69882cc54312"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "ntkrnlpa"}, {"hashes": ["3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Dism"}, {"hashes": ["3bc94f387e5e1118773d9ab986039115bf9038f9262da84e0691ecb3334462aa", "af3ef5a49e1b5a7e2c0f099a0522ec94a8f520456d2631166f3ec0210d82d022"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Dism"}, {"hashes": ["c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "nslookup"}, {"hashes": ["c1935ad5839cafe73c88f081d513b45379190e02395d8022c702b7472374b710", "dc4e4a4900ac37937edeb3eae99d639bea6bac21ed34c54a9ab0b916fb556167"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "nslookup"}, {"hashes": ["7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xpsrchvw"}, {"hashes": ["7e77d51383f33f8a97f0a5d05fbe82c4d6d143bbae5a65f4866ead944cff3560", "aa3c2568af4df9ecf3b4f11a25d50996a0f6005cddd38388f1190d3db8acfd4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "xpsrchvw"}, {"hashes": ["1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "PkgMgr"}, {"hashes": ["1f159d6772407b57400c1d524b97415f66134673ffd8b07c0fe123addea75f90", "21ede0344d272a3a8a772dbdaadbacff83b522fcb01728965a8f29a4726358d9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "PkgMgr"}, {"hashes": ["072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wuapp"}, {"hashes": ["072fa77729d844c920070ee8185d91d404c65892bd3ec3324473ad0155b68988", "437b4e98592df3aa97453cd91bc42554c4e7d22f57eb72acd30399aab9f8ed7e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wuapp"}, {"hashes": ["580a08068b8283df49c7d47177f354794d2a0abbbf9774e81432ab5626db99cd", "b569fb0818fe4182279ce8c98a86e5be17caa84f17b296a2cf076af578526ad7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e6116093a"}, {"hashes": ["bd68e7d7a9005e82fcf9ee806d780da54dcb12deee112b868e70c897eaae495e", "e30232cb5fe9d81f04d448df08ba8124278572cb9a26f623d103485e0a537c04"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "6p27dq8"}, {"hashes": ["b5e74f86d3d81801831504919301322a5bf66fbaad05153cb0d6607b0734131f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "icsunattend"}, {"hashes": ["fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mountvol"}, {"hashes": ["fa023caa3aebd699466398bae8c709d826e5c1a14718c969688854f28936d07f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "mountvol"}, {"hashes": ["943486d70b4bc860761c0db97a02ffc628c546527a97512ce96c8f431ab6724c"], "key": "<HKCU>\\SOFTWARE\\CPPGURU", "value_name": "mv"}]}, "reports_count": 119}, "Win.Dropper.LokiBot-9993959-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "c330d20f3a5b2cdd00677996bbfedfab8cc02238f21bfae06dddac9b049559b4", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "c330d20f3a5b2cdd00677996bbfedfab8cc02238f21bfae06dddac9b049559b4", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "c330d20f3a5b2cdd00677996bbfedfab8cc02238f21bfae06dddac9b049559b4", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-http-numeric-ip", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-snort-malware", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "network-http-blank-user-agent", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "artifact-windows-task", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-uses-dot-net", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "windows-util-schtask", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "potential-registry-persistence", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0003"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "firefox-cookie-read", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "pe-tls-callback", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "auto-update-disabled", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-header-linker-major", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "pe-uses-fasm", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-future", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": []}, {"bi": "registry-disable-windefender", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-user-shell-folder-modified", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "malware-generic-infostealer", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-game-information", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "pe-uses-iexpress", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-server", "hashes": ["f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["c330d20f3a5b2cdd00677996bbfedfab8cc02238f21bfae06dddac9b049559b4"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-downloaded-executable", "hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "mitre_attack_tags": []}, {"bi": "network-downloaded-obfuscated-executable", "hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "mitre_attack_tags": ["TA0005", "TA0011", "T1027", "T1105"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "mitre_attack_tags": []}, {"bi": "network-downloaded-antivirus-flagged", "hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Lokibot is an information-stealing malware designed to siphon sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from several popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c330d20f3a5b2cdd00677996bbfedfab8cc02238f21bfae06dddac9b049559b4", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "iocs": {"domain": [], "file": [{"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP001.TMP"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP001.TMP\\TMP4351$.TMP"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP002.TMP"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP002.TMP\\TMP4351$.TMP"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP003.TMP"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP003.TMP\\TMP4351$.TMP"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%LOCALAPPDATA%\\Yandex"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%LOCALAPPDATA%\\Yandex\\YaAddon"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\5975271bda"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\5975271bda\\metafor.exe"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%System32%\\Tasks\\metafor.exe"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP001.TMP\\en467862.exe"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP001.TMP\\kino4251.exe"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP002.TMP\\dAE02s16.exe"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP002.TMP\\kino2751.exe"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP003.TMP\\bus7719.exe"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP003.TMP\\con6935.exe"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP000.TMP\\ge023694.exe"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "path": "%TEMP%\\IXP000.TMP\\kino6903.exe"}, {"hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "path": "%TEMP%\\1000005051"}, {"hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "path": "%TEMP%\\1000005051\\foto0162.exe"}, {"hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "path": "%TEMP%\\IXP000.TMP\\si449430.exe"}, {"hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "path": "%TEMP%\\IXP000.TMP\\unio6664.exe"}, {"hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "path": "%TEMP%\\IXP001.TMP\\rgE97s18.exe"}, {"hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "path": "%TEMP%\\IXP001.TMP\\unio2273.exe"}, {"hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "path": "%TEMP%\\IXP002.TMP\\pro0091.exe"}, {"hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "path": "%TEMP%\\IXP002.TMP\\qu1017.exe"}], "ip": [{"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "ip": "31[.]41[.]244[.]200"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "ip": "193[.]233[.]20[.]30"}], "mutex": [{"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "name": "006700e5a2ab05704bbb0c589b88924d"}], "registry": [{"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER", "value_name": "DisableAntiSpyware"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup0"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": null}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "NoAutoRebootWithLoggedOnUsers"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "NoAutoUpdate"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableBehaviorMonitoring"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableOnAccessProtection"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableScanOnRealtimeEnable"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup1"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup2"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup3"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableIOAVProtection"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER", "value_name": null}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": null}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": null}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": "TamperProtection"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableRealtimeMonitoring"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER", "value_name": null}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "AUOptions"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "AutoInstallMinorUpdates"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER\\NOTIFICATIONS", "value_name": null}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER\\NOTIFICATIONS", "value_name": "DisableNotifications"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "UseWUServer"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": "DoNotConnectToWindowsUpdateInternetLocations"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": null}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": "TamperProtection"}, {"hashes": ["00a41c3cdaa424eeb6319db533ba421d00deef10194ec3ed41baaff069abfbc6", "08129aba55d0282cf9bddbbd2b04499e972e321bec4477110a3df8ba5e26731a", "09ab7483ce488bc6cf7be401bf1246cf59cde5bc4ebe81d3aebb43ff2cd85398", "09c60f53c40df2a7318c619692756096a1a4a5c485f14e033aae08dcd653df22", "0ddd516729c268faf26249955752d44054a9b574bb4b7c98a734ec4c35513f7c", "189fb3451b47f12e1fa298faf29a657bcf1451b9eecf8894e390a9b49bf065a7", "1bda936bb3a63072cd7ec02d904d5797e604d892e448ae92745c0b99bcb920ca", "1d1f6ee67baf7713754ef87f61397cbc50201d2163c893fc48ef17fd5490f041", "1dd8c3b05b5324703f758c6ad1ba609de4143170b93c1eefc20c14545bd44b08", "23ee90260a961a345f216fa590850992a50af61aa6a8e8934d23fc4c44529634", "2558cf38481549c9fdd11d2b3fde4b0168c8d7fb7726dd8f588e60e22794ac6b", "3970c7b91720a57f356bc895c164f92e776f8e946ff1b059ea0b210b260c256c", "3badfd1548575cffa198d8be072123c415b9a8ec0f5e88338a9dc0b49259fa1c", "45cfd7b084155ba74c37f46ef6c7932e736ab50979b5a904cd0521c8ef894e28", "4dc866260dab99e966d7c6b6bb95f687349109366aa42bd605bc75d4b9e47719", "54ab28a4fea3aab1315aa73ac2a1b89ce71761878e7c7a8392bf6f95f3d0e775", "66293653ca713a861eb03ca30166d83f848795a08d0f3cbc552753dd06a4f49c", "82d3a9e6afd813acc280c1ed2b49d268528aca6d9b0ccba3933f1c734600dd16", "879914057bce3a36fc6736cfdcf0492b622ed5eeb3a2e930f9cda48d1c6157fd", "8897996ae1cd40ab8ba2edb577e5845a65b3fe0c6efe90f3c27ee920ad591c2c", "9a7075f81112630b9569f5463293a6a96a7d0624d47e5bf786cff0d479ce50dd", "9b86d3eceda1e624e9881973daec758e29304f0f6fefd5c5debaf62200462545", "9cb370cedb049039b08ef47c226518ff3881bc8309c89b57e25dc042169ab96a", "a1974279f06f9e589582df17a106e0830baa549780f65ece88488acb535d0179", "a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37", "a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67", "ac1f1fc3b388480bb7bd199a62cbe6f29838116916185161546b049706f284aa", "b0ba093319eb66f3b86b64d5c80468e50eb7b3d7d6367cdb76161f08de3552d6", "b248e571e370c460158a6830cab97b373bb42a0097f1a53c7614eb855cd497bb", "bcf334e20c396eff7811f125e008bce46940ef068f583a9c08d2b4c6ac5f5aff", "c26d692da76ec707a09bb16fddf20918eae1a437771f88ac9f8906fd7733e882", "c72494a079460be53a0ca6abb0d79d0bcf10b7910a10bd98add12f2ced6a0faf", "c7cb474d6a0c30f8e6f8533879a3dfc569aa5a861df16bb0ea0489fc1b627d13", "c86e5f0c113c534daa1fbc91a82dbd31b038b617ebdb1dc0327b4dfda1a6edd8", "cc7ef3e8d36e206de123e91a750ecc565fc7718c691fb477d0d2f1d853d1ad01", "cd9e80f954e35a0d3a4a35d5e7376ef110dd391a3c3e3fbd640141d63c5b4c1c", "dd2ce215057e11030001f03813e116c4b11406d75068681cf0cc41de4aba2667", "dd72a3a6f50c0409c09567e9187c29b252734451b3a5814d1c60a377cdfaf739", "e2e138502ef3e8e83dbbf02d02db73b021e383e592b39f3b658f68446a963da7", "e433832a285407bc019d5b443c891ef1e436758aeb7afaf67d4151d8cd4d4c56", "e5ef5ac327eb750ccf20d193afe786d7504285e10e275207fe96eb6f0720bd1f", "f1d403c1118525c883c851f370e0736bf476f613f87797d3c1098df7a44fe299", "f7b8d63457a0f9193fc2343f3e84600adb9d20a5de738c5f58ea3625c059439b", "fd7389cfc829f7000267d0cb0accfcf4b8c2c73de0607b31899b0aee7356a26b", "ffa09d8400871f639dd233a6e37deb7248de7ecf7c897f836985da057c73d986"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\USER SHELL FOLDERS", "value_name": "Startup"}, {"hashes": ["a828db8a503476cdd03ae7dca2e8d547acc4c6f3af139c5fd45f9948a128da67"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "foto0162.exe"}, {"hashes": ["a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\TASKCACHE\\\\{C72B2E0E-B5F8-4B19-AB9A-B828C968A522}", "value_name": "Path"}, {"hashes": ["a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\TASKCACHE\\\\{C72B2E0E-B5F8-4B19-AB9A-B828C968A522}", "value_name": "Hash"}, {"hashes": ["a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\TASKCACHE\\\\{C72B2E0E-B5F8-4B19-AB9A-B828C968A522}", "value_name": "Triggers"}, {"hashes": ["a3d578e74702ef75d093a8889312c107c4d13dda49e2b5a3691889fbe2974b37"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\TASKCACHE\\\\{C72B2E0E-B5F8-4B19-AB9A-B828C968A522}", "value_name": "DynamicInfo"}]}, "reports_count": 46}, "Win.Dropper.Tofsee-9993367-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "a94d813c9217947da23706f2e400b89cc31fe6973cd3539ff1559b74f9eda100", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "4e421a44146530c1ac6f0976024b53c3c86d8be05d0f446bc95510de7eeb3925", "4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "a5fba9c9d35a709764284dd85a0781548055e92773182481dc7fd61e59771c0d", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "e8f2d98b28d262c52fad3b17e70895048a7e3581dc3fe78da3c7214b7b9ea7f0", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20", "ef68efd56c698763b226dfd09a07c88bb4bf9d9e0ce3cce6a4667e7d5cbf9969", "03c857615f0b6602b4e501076ba73602b16531b6d83a2aa40e3ea38fb6909418", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "847d9652c563b3315fc34fd708aecdde038aec8c2fb13997a72b6fd894579e34"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "a94d813c9217947da23706f2e400b89cc31fe6973cd3539ff1559b74f9eda100", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "4e421a44146530c1ac6f0976024b53c3c86d8be05d0f446bc95510de7eeb3925", "4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "a5fba9c9d35a709764284dd85a0781548055e92773182481dc7fd61e59771c0d", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "e8f2d98b28d262c52fad3b17e70895048a7e3581dc3fe78da3c7214b7b9ea7f0", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20", "ef68efd56c698763b226dfd09a07c88bb4bf9d9e0ce3cce6a4667e7d5cbf9969", "03c857615f0b6602b4e501076ba73602b16531b6d83a2aa40e3ea38fb6909418", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "847d9652c563b3315fc34fd708aecdde038aec8c2fb13997a72b6fd894579e34"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "memory-execute-readwrite", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "a94d813c9217947da23706f2e400b89cc31fe6973cd3539ff1559b74f9eda100", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "a5fba9c9d35a709764284dd85a0781548055e92773182481dc7fd61e59771c0d", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "e8f2d98b28d262c52fad3b17e70895048a7e3581dc3fe78da3c7214b7b9ea7f0", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20", "03c857615f0b6602b4e501076ba73602b16531b6d83a2aa40e3ea38fb6909418", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "a94d813c9217947da23706f2e400b89cc31fe6973cd3539ff1559b74f9eda100", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "4e421a44146530c1ac6f0976024b53c3c86d8be05d0f446bc95510de7eeb3925", "4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "a5fba9c9d35a709764284dd85a0781548055e92773182481dc7fd61e59771c0d", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "ef68efd56c698763b226dfd09a07c88bb4bf9d9e0ce3cce6a4667e7d5cbf9969", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "847d9652c563b3315fc34fd708aecdde038aec8c2fb13997a72b6fd894579e34"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "e8f2d98b28d262c52fad3b17e70895048a7e3581dc3fe78da3c7214b7b9ea7f0", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "03c857615f0b6602b4e501076ba73602b16531b6d83a2aa40e3ea38fb6909418", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "nginx-webserver-detected", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "auto-update-disabled", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-disable-windefender", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "network-snort-server", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "firefox-cookie-read", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "malware-generic-infostealer", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-game-information", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-http-blank-user-agent", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "artifact-windows-task", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-communications-http-get", "hashes": ["f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "pe-resource-lang-serbian", "hashes": ["4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "4e421a44146530c1ac6f0976024b53c3c86d8be05d0f446bc95510de7eeb3925", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "ef68efd56c698763b226dfd09a07c88bb4bf9d9e0ce3cce6a4667e7d5cbf9969", "847d9652c563b3315fc34fd708aecdde038aec8c2fb13997a72b6fd894579e34"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "unsigned-roaming-execution", "hashes": ["f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-filename-mismatch", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-known-trojan-av", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0003"]}, {"bi": "pe-tls-callback", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-linker-major", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-fasm", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-future", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "pe-uses-iexpress", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "a5fba9c9d35a709764284dd85a0781548055e92773182481dc7fd61e59771c0d", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "e8f2d98b28d262c52fad3b17e70895048a7e3581dc3fe78da3c7214b7b9ea7f0", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "03c857615f0b6602b4e501076ba73602b16531b6d83a2aa40e3ea38fb6909418", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "e8f2d98b28d262c52fad3b17e70895048a7e3581dc3fe78da3c7214b7b9ea7f0", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "03c857615f0b6602b4e501076ba73602b16531b6d83a2aa40e3ea38fb6909418", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "e8f2d98b28d262c52fad3b17e70895048a7e3581dc3fe78da3c7214b7b9ea7f0", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "03c857615f0b6602b4e501076ba73602b16531b6d83a2aa40e3ea38fb6909418", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-fast-flux-domain", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask-generic", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": []}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-user-shell-folder-modified", "hashes": ["939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "network-opendns-malicious", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "a5fba9c9d35a709764284dd85a0781548055e92773182481dc7fd61e59771c0d", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "a5fba9c9d35a709764284dd85a0781548055e92773182481dc7fd61e59771c0d", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-imports-toolhelp", "hashes": ["a94d813c9217947da23706f2e400b89cc31fe6973cd3539ff1559b74f9eda100", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-downloaded-executable", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "network-dns-download-executable", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-downloaded-executed-from", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-downloaded-antivirus-flagged", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-djvu-file-path", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "created-executable-sample-appdata", "hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "dns-query-nxdomain", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "cmd-exe-file-execution", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "network-dns-category-cnc", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0011"]}, {"bi": "sc-service-start", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-generic", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "sc-service-create", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-create-execute", "hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "excessive-tcp-connections", "hashes": ["a94d813c9217947da23706f2e400b89cc31fe6973cd3539ff1559b74f9eda100"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "network-http-non-standard-port", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0011", "T1571"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-smtp-spambot-v2", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "html-small-file-redirect", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-domain-detected", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "double-url-detected", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features several modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages to infect additional systems and increase the size of the botnet.", "hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "03c857615f0b6602b4e501076ba73602b16531b6d83a2aa40e3ea38fb6909418", "198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627", "4e421a44146530c1ac6f0976024b53c3c86d8be05d0f446bc95510de7eeb3925", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "847d9652c563b3315fc34fd708aecdde038aec8c2fb13997a72b6fd894579e34", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "a5fba9c9d35a709764284dd85a0781548055e92773182481dc7fd61e59771c0d", "a94d813c9217947da23706f2e400b89cc31fe6973cd3539ff1559b74f9eda100", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "e8f2d98b28d262c52fad3b17e70895048a7e3581dc3fe78da3c7214b7b9ea7f0", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "ef68efd56c698763b226dfd09a07c88bb4bf9d9e0ce3cce6a4667e7d5cbf9969", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "iocs": {"domain": [{"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "host": "t[.]me"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "host": "api[.]2ip[.]ua"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "host": "uaery[.]top"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "host": "zexeq[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "host": "microsoft[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "host": "muspelheim[.]be"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "i[.]instagram[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "work[.]a-poster[.]info"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "www[.]google[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "login[.]yahoo[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "www[.]tiktok[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "login[.]live[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "imap[.]t-online[.]de"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "api[.]steampowered[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "static[.]cdninstagram[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "android[.]litres[.]ru"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "jnb-efz[.]ms-acdc[.]office[.]com"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "smtp[.]mail[.]yahoo[.]co[.]jp"}, {"hashes": ["4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627"], "host": "don-die[.]com"}, {"hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "host": "51[.]193[.]124[.]176[.]in-addr[.]arpa"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "host": "mail[.]snu[.]ac[.]kr"}], "file": [{"hashes": ["198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%LOCALAPPDATA%\\Yandex"}, {"hashes": ["198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%LOCALAPPDATA%\\Yandex\\YaAddon"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP001.TMP"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP001.TMP\\TMP4351$.TMP"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP002.TMP"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP002.TMP\\TMP4351$.TMP"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP003.TMP"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP003.TMP\\TMP4351$.TMP"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\5975271bda"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\5975271bda\\metafor.exe"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%System32%\\Tasks\\metafor.exe"}, {"hashes": ["4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP001.TMP\\en738609.exe"}, {"hashes": ["4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP001.TMP\\kino7002.exe"}, {"hashes": ["4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP002.TMP\\dtR78s46.exe"}, {"hashes": ["4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP002.TMP\\kino3035.exe"}, {"hashes": ["4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP003.TMP\\bus5992.exe"}, {"hashes": ["4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP003.TMP\\con7447.exe"}, {"hashes": ["4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP000.TMP\\ge884549.exe"}, {"hashes": ["4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "path": "%TEMP%\\IXP000.TMP\\kino3798.exe"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%APPDATA%\\Microsoft\\Network"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "I:\\5d2860c89d774.jpg"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "\\SystemID"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "\\SystemID\\PersonalID.txt"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%LOCALAPPDATA%\\bowsakkdestx.txt"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%System32%\\Tasks\\Time Trigger Task"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%System32%\\Tasks\\Azure-Update-Task"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%APPDATA%\\Microsoft\\Network\\mstsca.exe"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%LOCALAPPDATA%\\7c34bb01-5d78-49c4-8bbb-73fdc7aa1262"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%LOCALAPPDATA%\\7c34bb01-5d78-49c4-8bbb-73fdc7aa1262\\build2.exe"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%LOCALAPPDATA%\\7c34bb01-5d78-49c4-8bbb-73fdc7aa1262\\build3.exe"}, {"hashes": ["6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036"], "path": "%APPDATA%\\telemetry"}, {"hashes": ["6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036"], "path": "%APPDATA%\\telemetry\\svcservice.exe"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c"], "path": "%TEMP%\\IXP001.TMP\\en531198.exe"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c"], "path": "%TEMP%\\IXP001.TMP\\kino8130.exe"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c"], "path": "%TEMP%\\IXP002.TMP\\dEV10s21.exe"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c"], "path": "%TEMP%\\IXP002.TMP\\kino1897.exe"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c"], "path": "%TEMP%\\IXP003.TMP\\bus8421.exe"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c"], "path": "%TEMP%\\IXP003.TMP\\con0703.exe"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c"], "path": "%TEMP%\\IXP000.TMP\\ge895986.exe"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c"], "path": "%TEMP%\\IXP000.TMP\\kino3076.exe"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d.exe"}, {"hashes": ["e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7.exe"}, {"hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "path": "%TEMP%\\pdnezupm.exe"}, {"hashes": ["4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0.exe"}, {"hashes": ["bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a.exe"}, {"hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43.exe"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "path": "%TEMP%\\qityfnno.exe"}], "ip": [{"hashes": ["198fcd646496fa679b3ee7127d0dbae4eb42776f3789562afb8c4afff0caec72", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "1c7cd8e86443aa599665ef2c4d1264f9efd82b4d4d6e0460a18b97c2f1582aea", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "5a66c05a5d48e8c178f9e656ba1cc6e124e552af6d947af29e3afcb435dd31ce", "605a483757ecf0738b4b4a019a46a4d6b9e3fc07b6e845f0264b27821df1078c", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "afce5d660d26f82af8addf704455c951756bcc4e0629b46b4cc56428e224f315", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "cbb4f76caa2e58533c0cd7ada651ccb8c8069879bfe4d04d6b8a0c658ca13397", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "ip": "193[.]233[.]20[.]28"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "ip": "31[.]41[.]244[.]200"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "ip": "149[.]154[.]167[.]99"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "ip": "162[.]0[.]217[.]254"}, {"hashes": ["6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036"], "ip": "45[.]159[.]189[.]105"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "ip": "116[.]203[.]13[.]130"}, {"hashes": ["bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "ip": "151[.]251[.]19[.]81"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "ip": "80[.]66[.]75[.]254"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0"], "ip": "86[.]122[.]83[.]142"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141", "83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "ip": "176[.]124[.]193[.]51"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "194[.]25[.]134[.]50"}, {"hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "ip": "104[.]47[.]53[.]36"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "67[.]195[.]204[.]151"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "104[.]47[.]18[.]97"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "37[.]1[.]217[.]172"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "176[.]113[.]115[.]136"}, {"hashes": ["faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "ip": "37[.]34[.]248[.]24"}, {"hashes": ["e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7"], "ip": "109[.]98[.]58[.]98"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "157[.]240[.]241[.]63"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d"], "ip": "186[.]182[.]55[.]44"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "142[.]251[.]40[.]164"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "20[.]112[.]52[.]29"}, {"hashes": ["83831a5b5db3553e3a122b266d889349a3380414c27e322266e9d93926831180"], "ip": "20[.]103[.]85[.]33"}, {"hashes": ["bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a"], "ip": "211[.]171[.]233[.]129"}, {"hashes": ["4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0"], "ip": "58[.]235[.]189[.]192"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "80[.]66[.]75[.]4"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "40[.]126[.]24[.]147"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "176[.]113[.]115[.]154/31"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "157[.]240[.]249[.]63"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "182[.]22[.]21[.]247"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "176[.]113[.]115[.]239"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "193[.]26[.]19[.]101"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "176[.]113[.]115[.]135"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "52[.]98[.]22[.]18"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "104[.]96[.]240[.]83"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "40[.]93[.]207[.]7"}, {"hashes": ["a94d813c9217947da23706f2e400b89cc31fe6973cd3539ff1559b74f9eda100"], "ip": "91[.]215[.]85[.]15"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "52[.]98[.]20[.]162"}, {"hashes": ["4be0b658faf09a05495a9ae17ac6c58ec392ed6c4624859fc1c5b275eb36f627"], "ip": "104[.]21[.]50[.]222"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "147[.]46[.]10[.]141"}, {"hashes": ["6c4911f38de2b08a9e7015453aeed31956019d78a1219f60dd79c10b3e0b3141"], "ip": "23[.]221[.]227[.]6"}], "mutex": [{"hashes": ["03c857615f0b6602b4e501076ba73602b16531b6d83a2aa40e3ea38fb6909418", "26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "6c737394b6f8c4fe504730f4bd3d8c66d6b2e625bf05214c1c4b409f5b0cd3a8", "af52a7b94279d62adfa28891989a3b71a7a17efc4550358933f822621157c6d0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e8f2d98b28d262c52fad3b17e70895048a7e3581dc3fe78da3c7214b7b9ea7f0", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "name": "Global\\<random guid>"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "name": "006700e5a2ab05704bbb0c589b88924d"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "name": "{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "name": "M5/610HP/STAGE2"}], "registry": [{"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER", "value_name": "DisableAntiSpyware"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": null}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "NoAutoRebootWithLoggedOnUsers"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "NoAutoUpdate"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableBehaviorMonitoring"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableOnAccessProtection"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableScanOnRealtimeEnable"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableIOAVProtection"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER", "value_name": null}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": null}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": null}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": "TamperProtection"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableRealtimeMonitoring"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER", "value_name": null}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "AUOptions"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "AutoInstallMinorUpdates"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER\\NOTIFICATIONS", "value_name": null}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER\\NOTIFICATIONS", "value_name": "DisableNotifications"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "UseWUServer"}, {"hashes": ["03924699129f7f0b9a65041a4dcf96185004b90bd4d6017adfd720412630fbd4", "1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "2849b4a5145d840a746643b01050e13c0bc35151413da47d5b174a00c64b1c73", "337d917fe321f1e54f3927061475587a278314b7c8266955430bb4b8876cdf4a", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "521a9ce550a408da634f02b39b4f8d18c37d9a4a5aa4c92948532dd175afe0ea", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "ba138751a85fa76814cb894a80bc7275a665931be5830296a15bd54f504e0ab4", "be23b54bcac341046ed5a2c35a1ee830610e578627978c2bb012138dfff6a3f5", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "d5252b92597828b52ddec826eb84b24f492480d076eed9aeec80cc3b93a0118a", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": "DoNotConnectToWindowsUpdateInternetLocations"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup0"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup1"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup2"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup3"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": null}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "840b2b2bd08ec79d19b5504debdbad612518346599444e676e23789a8455047d", "8ce009fe7fadda76ddcc21248231af4358fa92e7f877e73f0e37726476f85b01", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": "TamperProtection"}, {"hashes": ["1a31c3549256936581d375838891a8ad4a71cbd05d225a186e99b5296a25916e", "4228742b043c47e0780ba276d9a8723ed7a510f22d201648122df1cd25802468", "74f7c20fdee2b0e569b3fc7d42521c2b55b3c280d5e7bc8a767ccef5ab5c17ff", "939036c35d85644dbca5216eb2e1bfb7fa67811046f8255482bc6cda2682c26c", "979819e0c50c5f49306c4cfd771039671c095f22d921ef836275392efd0c3611", "be4462b4dcbb28eb5a251b40ee7a38a22e481dacd76fdd07e89c0c1d115ab6d7", "f2405e47f4b46167eddfcd740204784d52cdd1d7b57c17fc00e5c686b7dc98de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\USER SHELL FOLDERS", "value_name": "Startup"}, {"hashes": ["26515e880aaf2e119424c894836ed5c79a590c4764f4bae20d473d217832a01d", "4521bf6f882807bdbb0c8f5f044c1415a543e2ca257ead36fba04c6a7919e6c0", "bf0dbed2199658935e948e57220075e24144639b7e8cdcd56d8c1887142d758a", "e9d09f322085232721e4239b087c8c66150e27322042a2ea5bd7bb42a501bcc7", "faeeb04040aa97fbfbe9df50bd1bfd08bfaf9c5d9a9ae5b90d173656da31cf43"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION", "value_name": "SysHelper"}, {"hashes": ["6fd8c636c94dc1380aef341cde76a40a02ee7e18161daee955c45c5004d88fb3", "908bc59262f91f2c86e1159957b7b9adfd6ab186cafd4f767d8723cc5ceeda7d", "ada5f594c110065e963f60e53a802dbbaf7321d244ab2bbe1cbd4abf7d90200c", "db44bb6cba207bd9fa4cf54924609ac951542c90eb881661a0c92057ef85f0b7", "f66edfe9c475fe0522cd87c7738e3f86692ea37f0e1083e2cd0d7d8212c5d036"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "telemetry"}]}, "reports_count": 45}, "Win.Packed.Upatre-9993687-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-get", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "http-response-client-error", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-no-dos", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": []}, {"bi": "pe-packed-mpress", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-zeus-gameover-variant-detected-enc", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": []}, {"bi": "html-page-not-found", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables such as banking malware.", "hashes": ["0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053"], "iocs": {"domain": [{"hashes": ["0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053"], "host": "aatextiles[.]com"}], "file": [{"hashes": ["0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053"], "path": "%TEMP%\\budha.exe"}], "ip": [{"hashes": ["0e25453d0e0055690295e27bf06f8576978a7f723ae1fb94d9dcf211a690ed6b", "16008473272fbf4065bbc9601c67c54445c27241c38b60aa2bad8bb045e8e65e", "1a29c62f02b5c636c507f6cdc36a81b5188a4a598ffb339cfa092288c3e6a781", "3001f5ac516c69a8668e3fb1f1f8894d2cf9b1388f33989335f82cb99ffb2f20", "3016f39b5da400f546881ba5628db1d570f2cc2c0064bf14773fd267102688bc", "5dc9a3c8cc080070ffc4f21348093020641806b7aeb4dd11e2d28d51358df3d2", "74f32dcfaa51e61fb520641c893c4e28237859be347af74d326f0a4b15d50c2d", "7855251519672468876b60b8c35541a992cb5767b148d8f2079a499701d76512", "7879400b65d6df96d0aa9c00ec3c7dd1dcfbc83841dc34cb175db4fea2c1bb20", "7e60bc0d3894082f8c7d634761083c1c3c9b3293670877f716d5aaa0c9d0985b", "7fca81eba218f66884c7bb0373a5c6e8f1b6495c7aa67928d9c8e7657f878b24", "a73bab9b6dc013f658d6697a19f1d05c4f32b57753a3852290561f034839580a", "b31ee4a8ac5fbe56665c674033747599f48d32fc054cae2b0161adf9e7314f5a", "cbb5a2f33ed4be9210208ec4c81ae64e2a7d0d97c1264af1e232359db8354caf", "d3a6f9e579a0dc46883c85abedae67503b3bc1d41459c558769ab093449998df", "e75775da8316b3ee239cb01583c15383234d77ff1324b26c84e30b144f674ae6", "ef738e5f133b99f03a35dd442fee4fa77d6f902726e496e5e9ab54830b8e62a0", "fcf5c338d09cf3a4f31cee0040a5f9d7b81cc222b0bdfe1dfd573423a4c1a053"], "ip": "207[.]148[.]248[.]143"}], "mutex": [], "registry": []}, "reports_count": 18}, "Win.Packed.Zusy-9993358-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": ["a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "process-read-many-scheduled-tasks", "hashes": ["a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "artifact-windows-task", "hashes": ["a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe.\" When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "iocs": {"domain": [], "file": [{"hashes": ["e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsM2WS"}, {"hashes": ["ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsJNFF"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsD9HP"}, {"hashes": ["2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsZRRZ"}, {"hashes": ["ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsS6KQ"}, {"hashes": ["669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsXXD9"}, {"hashes": ["482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsNJ73"}, {"hashes": ["e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsLD19"}, {"hashes": ["9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsI4MO"}, {"hashes": ["bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsHTD1"}, {"hashes": ["a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsY6OA"}, {"hashes": ["39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsK4QY"}, {"hashes": ["afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006"], "path": "%System32%\\Tasks\\Browser Lite Tools for WindowsCAAK"}, {"hashes": ["f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "path": "%System32%\\Tasks\\Browser Lite Tools for Windows1PXP"}], "ip": [{"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "ip": "122[.]117[.]90[.]133"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "ip": "210[.]2[.]149[.]202"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a"], "ip": "36[.]91[.]117[.]231"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "ip": "36[.]95[.]23[.]89"}, {"hashes": ["2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226"], "ip": "202[.]9[.]121[.]143"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61"], "ip": "110[.]172[.]137[.]20"}, {"hashes": ["39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "ip": "103[.]123[.]86[.]104"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61"], "ip": "103[.]75[.]32[.]173"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61"], "ip": "36[.]89[.]228[.]201"}, {"hashes": ["2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "ip": "45[.]115[.]172[.]105"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006"], "ip": "103[.]146[.]232[.]154"}, {"hashes": ["582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "ip": "36[.]91[.]88[.]164"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61"], "ip": "117[.]222[.]61[.]115"}, {"hashes": ["482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "ip": "58[.]97[.]72[.]83"}, {"hashes": ["2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61"], "ip": "139[.]255[.]65[.]170"}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "ip": "202[.]65[.]119[.]162"}, {"hashes": ["2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61"], "ip": "118[.]91[.]190[.]42"}, {"hashes": ["2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226"], "ip": "117[.]222[.]57[.]92"}, {"hashes": ["2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee"], "ip": "103[.]9[.]188[.]78"}, {"hashes": ["9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61"], "ip": "103[.]47[.]170[.]130/31"}, {"hashes": ["a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b"], "ip": "139[.]255[.]6[.]2"}, {"hashes": ["2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120"], "ip": "36[.]91[.]186[.]235"}, {"hashes": ["ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a"], "ip": "103[.]194[.]88[.]4"}], "mutex": [{"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "name": "GLOBAL\\{<random GUID>}"}], "registry": [{"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "key": "<HKCU>\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS", "value_name": null}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "key": "<HKCU>\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS\\CDB", "value_name": null}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "key": "<HKCU>\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS\\CDB\\RECENT FILE LIST", "value_name": null}, {"hashes": ["1087adf31edf1f9a8ab19b6053072366d495f191c187eda56a0c94c79d4d7d3c", "2c88abd04b18282dc60484bbee15574dc3816cfbfcb3a4f0299ff92d41da9120", "39d7cab782004e79f16f695e96fc996e95a0f9e6a1ec37b391c091dc01f7eea2", "482f66d7a734f9cee31de1ee7a74dc2286fb493fee080040dda43ad6b15bff2e", "582f066cc3904e23a604829b004a3b1602b86947a4c1b5752dd62e4b5b264357", "669bddcbb2a4ccce13365b6a664517cc5c6fc149ad2cf1fbc936c2ec82916bf6", "9d8a148b40e15d1a374ec81fb4aad1e09c8fc7cfee33c2141cae6b47c0b70983", "a844f4b4cd3aa66b10306bfa01209bcb519d19d7e87b219669a9be984935528b", "ab4baa4103f7a5efe79a644977e40901d35ca7b4a166e5912a1de4ec3b34ba8a", "ac387553d29a6cc41f7c702e80ba8aa3ce0f18cfb15522da52e10dc45c3134ee", "afcd87ae0ca9a66f107d89ae0abecff5cf23b36685d7a13a3ed815b109c5e006", "bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a", "e1cc4cf92cb5d5a4a803f4ee1f29e4298998e3639e64ebe96accc9d15ae5d226", "e326eebba8ca1bdf084fb18157d56ab250ce10ddd58508264fb5443dbdfbbe61", "f1f1a6424de9cc0e4c9b3770e785a1e544c46bb6f4c7be61108f0b6276d8e140"], "key": "<HKCU>\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS\\CDB\\SETTINGS", "value_name": null}, {"hashes": ["bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\TASKCACHE\\TREE", "value_name": "Index"}, {"hashes": ["bf5401e25df5fcc0d5a05c64cef5e391692f28c3b290edd23c9487ba77e7204a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SCHEDULE\\TASKCACHE\\TREE", "value_name": "Id"}]}, "reports_count": 15}, "Win.Trojan.DarkComet-9993855-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-section-blank-name", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-no-dos", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-file-in-user-dir", "hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-file-in-system-dir", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa"], "mitre_attack_tags": []}, {"bi": "enumeration-vpn-program-information", "hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-requested-softice", "hashes": ["4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-dns-category-dynamic", "hashes": ["4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "registry-autorun-key-system-dir", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "deleted-submitted-file", "hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "feed-domain-rat", "hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "malware-known-trojan-av", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "mitre_attack_tags": []}, {"bi": "registry-disablesuac", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "mitre_attack_tags": ["TA0005", "TA0004", "T1548", "T1562"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "embedded-pe-resource2", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "mitre_attack_tags": []}, {"bi": "malware-turkojan-mutex-detected", "hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "mitre_attack_tags": []}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-cybergate-rat", "hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.", "hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "842ea6781e660a24d0cb03a1dee05244214f2f05f5f301f7f4d3f2dda2679f20", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602", "ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186"], "iocs": {"domain": [{"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "host": "rogerioskynet[.]no-ip[.]biz"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "host": "hasn[.]no-ip[.]org"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "host": "ncn[.]dyndns[.]tv"}, {"hashes": ["4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4"], "host": "vacinaparaloucos[.]no-ip[.]biz"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "host": "tomjose[.]zapto[.]org"}, {"hashes": ["9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "host": "abello1[.]no-ip[.]biz"}, {"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "host": "dx1-system[.]no-ip[.]org"}], "file": [{"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "path": "%TEMP%\\XX--XX--XX.txt"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "path": "%TEMP%\\UuU.uUu"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "path": "%TEMP%\\XxX.xXx"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "path": "%APPDATA%\\logs.dat"}, {"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "path": "\\dir"}, {"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "path": "\\dir\\install"}, {"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "path": "\\dir\\install\\install"}, {"hashes": ["4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "path": "%SystemRoot%\\SysWOW64\\install"}, {"hashes": ["4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "path": "%SystemRoot%\\SysWOW64\\install\\server.exe"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "path": "%SystemRoot%\\SysWOW64\\system32"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "path": "%SystemRoot%\\SysWOW64\\system32\\system32.exe"}, {"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "path": "\\dir\\install\\install\\windows.exe"}, {"hashes": ["36b8535bdefbea5c1cb74fcee2dda32b1456ac9df5e44aac0c107edf249693f6"], "path": "%APPDATA%\\addons.dat"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "path": "%SystemRoot%\\mstwain32.exe"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "path": "%SystemRoot%\\cmsetac.dll"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "path": "%SystemRoot%\\ntdtcstp.dll"}, {"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "path": "%APPDATA%\\install"}, {"hashes": ["9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "path": "%SystemRoot%\\win32"}, {"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "path": "%APPDATA%\\install\\server.exe"}, {"hashes": ["9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "path": "%SystemRoot%\\win32\\server.exe"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "path": "%SystemRoot%\\SysWOW64\\Installer"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "path": "%SystemRoot%\\SysWOW64\\Installer\\taskmgr.exe"}], "ip": [{"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "ip": "204[.]95[.]99[.]142"}], "mutex": [{"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "name": "_x_X_BLOCKMOUSE_X_x_"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "name": "_x_X_PASSWORDLIST_X_x_"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "name": "_x_X_UPDATE_X_x_"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "name": "***MUTEX***"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "name": "***MUTEX***_SAIR"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4"], "name": "***MUTEX***_PERSIST"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "name": "***SpyChuck***"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "name": "***SpyChuck***_PERSIST"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "name": "***SpyChuck***_SAIR"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "name": "ASPLOG"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "name": "DENEK"}, {"hashes": ["ee6ddc525cea2008b299981528f4b73962cc98e09362fae560ed77ed490e6186"], "name": "Bif123"}, {"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "name": "CyberGate1"}, {"hashes": ["9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "name": "646sdf456sd4af564fsdfsd"}, {"hashes": ["9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "name": "646sdf456sd4af564fsdfsd_PERSIST"}, {"hashes": ["9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "name": "646sdf456sd4af564fsdfsd_SAIR"}], "registry": [{"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463", "ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}", "value_name": null}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCU"}, {"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa", "4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4", "737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}", "value_name": "StubPath"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesRemovedChanges"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{133O0260-G62R-WKV6-48OL-PO08NOG6SK71}", "value_name": null}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "explorer"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "explorer"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{133O0260-G62R-WKV6-48OL-PO08NOG6SK71}", "value_name": "StubPath"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "key": "<HKCU>\\SOFTWARE\\HIDDENVICTIM", "value_name": null}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "key": "<HKCU>\\SOFTWARE\\HIDDENVICTIM", "value_name": "FirstExecution"}, {"hashes": ["142f94160c09be675fe3bf06a5fe84b3e023dce455322ec11cceee1511258921", "85cdce0feb238fb93d2fa90e4e58ac1d590915dbc49e83bf0d749b7f4a1e726c"], "key": "<HKCU>\\SOFTWARE\\HIDDENVICTIM", "value_name": "NewIdentification"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mstwain32"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "key": "<HKCU>\\SOFTWARE\\SERVER", "value_name": "NewIdentification"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\VSSAPIPUBLISHER", "value_name": null}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "key": "<HKCU>\\SOFTWARE\\SERVER", "value_name": null}, {"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{CG08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}", "value_name": null}, {"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "key": "<HKCU>\\SOFTWARE\\HACKED", "value_name": null}, {"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "key": "<HKCU>\\SOFTWARE\\HACKED", "value_name": "NewIdentification"}, {"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{CG08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}", "value_name": "StubPath"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{C0M187M3-Q7CS-B438-J005-5W355T6K602G}", "value_name": null}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{C0M187M3-Q7CS-B438-J005-5W355T6K602G}", "value_name": "StubPath"}, {"hashes": ["3ac59633aa4d92f9c21862042bb1b15c39e4dd37082ee8b5bcbfedf778eb4ea8"], "key": "<HKCU>\\SOFTWARE\\SERVER", "value_name": "FirstExecution"}, {"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa"], "key": "<HKCU>\\SOFTWARE\\BESTA", "value_name": null}, {"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa"], "key": "<HKCU>\\SOFTWARE\\BESTA", "value_name": "FirstExecution"}, {"hashes": ["3d073fe21b27a7c2db7366704cd004e76148258864ca0b10d795316c32388cfa"], "key": "<HKCU>\\SOFTWARE\\BESTA", "value_name": "NewIdentification"}, {"hashes": ["4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4"], "key": "<HKCU>\\SOFTWARE\\222222222", "value_name": null}, {"hashes": ["4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4"], "key": "<HKCU>\\SOFTWARE\\222222222", "value_name": "FirstExecution"}, {"hashes": ["4d03acca31439bff32d232c6a18e94fa8472f36ca9ef567783269234f4bd9ac4"], "key": "<HKCU>\\SOFTWARE\\222222222", "value_name": "NewIdentification"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\SPP", "value_name": "SppGetSnapshots (Enter)"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\SPP", "value_name": "SppGetSnapshots (Leave)"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\SPP", "value_name": "SppEnumGroups (Enter)"}, {"hashes": ["69921e80a8e832e09f70910394061439b15041a3a5034c67d34569d6f68c7254"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VSS\\DIAG\\SPP", "value_name": "SppEnumGroups (Leave)"}, {"hashes": ["737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "key": "<HKCU>\\SOFTWARE\\DO-VIDEO", "value_name": null}, {"hashes": ["737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "key": "<HKCU>\\SOFTWARE\\DO-VIDEO", "value_name": "FirstExecution"}, {"hashes": ["737e28a69d807f7498eacbeab45fc12d076823aaa5b5a6fe37d069e896d59caa"], "key": "<HKCU>\\SOFTWARE\\DO-VIDEO", "value_name": "NewIdentification"}, {"hashes": ["9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{HY5EG5Y3-10TM-8A17-B48J-2O0438S1OXQB}", "value_name": null}, {"hashes": ["9078c43f5035ac673c127949d8a3701259adf61d682cd0f77c2b8c353dfab463"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{HY5EG5Y3-10TM-8A17-B48J-2O0438S1OXQB}", "value_name": "StubPath"}, {"hashes": ["ddf5296ee0edec8fa1fd6bbd5d5403fdc23a56c47a58690ec71c13f1cc3ef602"], "key": "<HKCU>\\SOFTWARE\\HACKED", "value_name": "FirstExecution"}]}, "reports_count": 12}, "Win.Virus.Ramnit-9993699-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-disablesuac", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1548", "T1562"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "startup-folder-modification", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-firewall-exceptions-enabled", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-disable-windefender", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-ramnit-mutex", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "disables-windows-firewall", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "disables-security-center-notifications", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "registry-firewall-notifications-disabled", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-override-security-center-monitoring", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "network-opendns-malicious", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-dns-safe-categories", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-snort-protocol", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "possible-dga-communication", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "malware-ramnit-snort", "hashes": ["708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-spanish", "hashes": ["d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f"], "mitre_attack_tags": []}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Ramnit is a banking trojan that monitors web browser activity on an infected machine and collects login information from financial websites. It also can steal browser cookies and attempts to hide from popular antivirus software.", "hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "iocs": {"domain": [{"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "google[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "testetst[.]ru"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "iihsmkek[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "mtsoexdphaqliva[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "uulwwmawqjujuuprpp[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "twuybywnrlqcf[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "wcqqjiixqutt[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "ubgjsqkad[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "tlmmcvqvearpxq[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "flkheyxtcedehipox[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "edirhtuawurxlobk[.]com"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "host": "tfjcwlxcjoviuvtr[.]com"}], "file": [{"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "path": "%LOCALAPPDATA%\\bolpidti"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "path": "%LOCALAPPDATA%\\bolpidti\\judcsgdy.exe"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\judcsgdy.exe"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "path": "\\TEMP\\wV6jD23"}], "ip": [{"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "ip": "142[.]251[.]35[.]174"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "ip": "46[.]165[.]254[.]201"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "ip": "72[.]26[.]218[.]70"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "ip": "195[.]201[.]179[.]207"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "ip": "208[.]100[.]26[.]245"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "ip": "206[.]191[.]152[.]58"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "ip": "72[.]251[.]233[.]245"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "ip": "64[.]225[.]91[.]73"}], "mutex": [{"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "name": "{7930D12C-1D38-EB63-89CF-4C8161B79ED4}"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "name": "{79345B6A-421F-2958-EA08-07396ADB9E27}"}], "registry": [{"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusOverride"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallDisableNotify"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallOverride"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UacDisableNotify"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DoNotAllowExceptions"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION", "value_name": "jfghdug_ooetvtgk"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "JudCsgdy"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["0edef9c023045ca327cbdc4afcb26a729e863a406ededeea620a5156161bd65b", "246f6b0f79d75adae9cd20b4be32421c3876d8d5c190710647b0f8487fde16d6", "250fde02ed82039d271893fb9c57c21566e1306885ffa0ab9ef1d76b8e637450", "4460c8d695928d9791c2c56caa4f4d7f4e89b2f5f79f6cfd3f4104513c7b0caf", "4a3ea8cc597c3dc0f78ac61c7cb05cdf3b6f4fc583a041611eafa10ad48775e7", "5148c0ea49147b1ad5b61fdb21690b36a8df66cd887c5f7a5860593e9cd33da6", "5bcdb4fef1ef0db979cc431233e8ee60df86ff9a58dccb130b6cb14deaf20165", "5d4fafce265952687dc0457c9371e608ad495dcf34f9197dd111814fc0c12f16", "6025eb9ff332381ae1b18ce3fabe0604f01fe42b313ea8ac0525dd92f368330f", "6f7100b0a2575c3f4c6830642168a8dd9dfc779c5adb58959958bad267e1d2c6", "708f61e53aff6e67f8cb80e4267d4030ef0744dc5517a979d5ac4ca098a0c271", "748fadc2257b32a766624b33448b2c665f627ab4783e5364f8b6de9be6fb4595", "76b0732dbca956b771375e08286e64791b5151951df75c3333d330c3fc64b5ad", "892e127dea47acb58bdcf6dcbba6d1c0825578e17eda71aeca70753ca1392d87", "978ee0b56f6aa31b0f09a1558c9712d187910e7f88e6b1cccaf91c6353fc951b", "a30850408cd40360a1d146dd6523e3abe9eb077076f00030d6f4cb854144300e", "a9e66a3df0d91547902987d153025a1db11c40eb69ab34941ceba3e69edff825", "cb06c7223d2180727a5367df89303aa6477ab7dab6c0fd8e8a1fe64da2eae4d3", "d2ab5a17cb955c177a73f6dee869140bf30ae2c6211bf22e62d4bd3069f87fef", "d73d7848785595c34dea1a57ddaf4c83bdcd17e1deae76750856454215e9e369", "e1efa5a4e2d6e7b4dd1bb810b702de584a27cecadc6ee3d9c52bf602837536cd", "e23251582f9c3bff3b9e08303b9715c004db7235ca09c6888fe7673acba251f7", "e94a7c984848c929bafaba780216e6f83ea4e02641f7feecbf3e08792882e20d", "f6b24b4f953a12a464c11c8c6eea113c7da1d447ed9a9c39754d26bb1de15f6b", "ff8f64ba99905d7afb1bc98ec5dc64611bb73d508c8f6c40c26e30d2a61306b1"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}]}, "reports_count": 25}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-03-24T15:45:30+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.Bifrost-9993163-0", "Win.Dropper.Tofsee-9993367-0", "Win.Dropper.Cerber-9993689-0", "Win.Trojan.DarkComet-9993855-1", "Win.Packed.Zusy-9993358-0", "Win.Packed.Upatre-9993687-0", "Win.Dropper.LokiBot-9993959-0", "Win.Virus.Ramnit-9993699-0"]}