{"Win.Dropper.HawkEye-9995256-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-encrypted-section", "hashes": ["898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "files-created-vbs", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "vbs-creates-and-runs", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-windows-script-launched", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "pe-filename-mismatch", "hashes": ["75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-opendns-malicious", "hashes": ["75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-dns-category-phishing", "hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783"], "mitre_attack_tags": []}, {"bi": "process-check-zone-identifier", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-toolhelp", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "hook-installed", "hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "malware-darkcomet-detected", "hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "malware-adware-av", "hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "network-http-blank-user-agent", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "created-executable-sample-appdata", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-fast-flux-domain", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "deleted-submitted-file", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0005"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "compound-vb-self-delete", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0005"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "compiler-vbc-run", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-hawkeye-detected", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": []}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "malware-generic-infostealer", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "dns-query-nxdomain", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "artifact-windows-task", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "schtask-forcefully-created", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "dns-public-server-contacted", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "windows-util-schtask-generic", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-uses-dot-net", "hashes": ["a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "mitre_attack_tags": []}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "pe-vb-imports-toolhelp", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-webmonitor-rat-domain-detected", "hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "mitre_attack_tags": ["TA0011", "T1095", "T1219"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007"], "mitre_attack_tags": []}, {"bi": "process-created-executable-autorun", "hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-packed-upx", "hashes": ["898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "netbios-query", "hashes": ["898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "deleted-executable-in-program-dir", "hashes": ["c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "mitre_attack_tags": []}, {"bi": "excessive-tcp-connections", "hashes": ["acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.", "hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7", "cdb8c41c3ed32e84ab2e5257c848324132f0c448c8c8ebcbceab43d983039b9a", "d01028946943ca05f439b9234bc488d59419ebc48a887428b682c8a06b145915", "d9304845820a1afaa30caac48bcc203e2a2146984554064c7e2707700af2bfb5", "e891b2d7eb5c0db98b7053c4fe2fde3b688fe9e95a2ee40d6d4da93d221a8a88", "eb9ebf761bd0b59124b085bed4493b73d93250222f5401d76232a4d0fa7e8128", "f159c78cffa3a1c338a8cdebc5961c8e3a7a14856558f1b2c67a5f082e9dc908", "f4ffa4c6a0723c9e7e25230ae09cec61f2a0d07d57f17d81a43b176568c8d098", "f7f30c26960697c4512cfa464416c3505840985770aaf3f932e51904b51696a9"], "iocs": {"domain": [{"hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "host": "salako[.]net"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "host": "whatismyipaddress[.]com"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "host": "smtp[.]yandex[.]com"}, {"hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007"], "host": "checkip[.]dyndns[.]org"}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9"], "host": "minergate[.]sytes[.]net"}, {"hashes": ["898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "host": "logover[.]su"}, {"hashes": ["75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813"], "host": "delta[.]http80[.]info"}, {"hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001"], "host": "monarch1[.]myddns[.]me"}, {"hashes": ["a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45"], "host": "wilfred123[.]ddns[.]net"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]1e517001[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]93319601[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]81252b01[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]bb8c4e01[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]6a0fe901[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]wm01[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]49b56c01[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]69385701[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]53fb0701[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]efe87401[.]to"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "host": "chevalblanc[.]cf488101[.]to"}], "file": [{"hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "\\Sys.exe"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "\\autorun.inf"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "E:\\autorun.inf"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "%TEMP%\\SysInfo.txt"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "%APPDATA%\\Windows Update.exe"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "path": "E:\\Sys.exe"}, {"hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "path": "%TEMP%\\win86.exe"}, {"hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338"], "path": "%TEMP%\\Axrozun"}, {"hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338"], "path": "%TEMP%\\Axrozun\\azrezon.exe"}, {"hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338"], "path": "%TEMP%\\Axrozun\\azrezon.vbs"}, {"hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "path": "%TEMP%\\Zaxuerv"}, {"hashes": ["6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "path": "%TEMP%\\Zaxuerv\\zaxveru.exe"}, {"hashes": ["6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "path": "%TEMP%\\Zaxuerv\\zaxveru.vbs"}, {"hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e"], "path": "%TEMP%\\Acxuzor"}, {"hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e"], "path": "%TEMP%\\Acxuzor\\avxuerz.exe"}, {"hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e"], "path": "%TEMP%\\Acxuzor\\avxuerz.vbs"}, {"hashes": ["75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813"], "path": "%TEMP%\\subfolder"}, {"hashes": ["75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813"], "path": "%TEMP%\\subfolder\\firefox.exe"}, {"hashes": ["75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813"], "path": "%TEMP%\\subfolder\\firefox.vbs"}, {"hashes": ["34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c"], "path": "%TEMP%\\Coxuen"}, {"hashes": ["34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c"], "path": "%TEMP%\\Coxuen\\corvxen.exe"}, {"hashes": ["898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "path": "%APPDATA%\\zzx.txt"}, {"hashes": ["34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c"], "path": "%TEMP%\\Coxuen\\corvxen.vbs"}, {"hashes": ["a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306"], "path": "%TEMP%\\Short Term Loan Review"}, {"hashes": ["a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306"], "path": "%TEMP%\\Short Term Loan Review\\Short Term.scr"}, {"hashes": ["a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306"], "path": "%TEMP%\\Short Term Loan Review\\Short Term.vbs"}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9"], "path": "%TEMP%\\outlook_sys"}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9"], "path": "%TEMP%\\outlook_sys\\outlook_sys.exe"}, {"hashes": ["9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91"], "path": "%TEMP%\\Long Term Loan Review"}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9"], "path": "%TEMP%\\outlook_sys\\outlook_sys.vbs"}, {"hashes": ["9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91"], "path": "%TEMP%\\Long Term Loan Review\\LongTerm.exe"}, {"hashes": ["9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91"], "path": "%TEMP%\\Long Term Loan Review\\LongTerm.vbs"}, {"hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007"], "path": "%APPDATA%\\ptm"}, {"hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007"], "path": "%APPDATA%\\ptm\\ptm.exe"}], "ip": [{"hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "ip": "217[.]160[.]0[.]143"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "ip": "77[.]88[.]21[.]158"}, {"hashes": ["971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793"], "ip": "104[.]16[.]155[.]36"}, {"hashes": ["a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "ip": "185[.]209[.]85[.]183"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "ip": "104[.]16[.]154[.]36"}, {"hashes": ["acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783"], "ip": "103[.]70[.]136[.]100"}, {"hashes": ["c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "ip": "185[.]84[.]181[.]72"}, {"hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007"], "ip": "193[.]122[.]6[.]168"}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9"], "ip": "185[.]82[.]220[.]137"}, {"hashes": ["7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e"], "ip": "191[.]101[.]22[.]34"}], "mutex": [{"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9", "3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "name": "GLOBAL\\{<random GUID>}"}, {"hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338"], "name": "DC_MUTEX-VW9E0BJ"}, {"hashes": ["6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "name": "DC_MUTEX-SNQ9FC5"}, {"hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e"], "name": "DC_MUTEX-XU9P7EK"}, {"hashes": ["34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c"], "name": "2f120e27-e0dd-40c0-926d-cacc170a801b"}, {"hashes": ["c6d48bba55f820d2845e6895edee07daeaef65f5863774d8c29c317671eb8cda"], "name": "CB228061E88BC2B69FA01FC09F3CAE00"}], "registry": [{"hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["3e4e4cd4d9b33b20816288baa2715c5b44b1e750e27b49cbd6d3f9f806ca8001", "7039f7b53d740f9d27da784b3dbbff127c8e4926af4517c77a884d8d3e22455e", "75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813", "a394d5606596a74e223108ad2f534d8cb211299a0d6d90c73c462c3afc5d3a45", "acbcbd598b758bd6de681b96dfd81ef2028a82e66064f21856a6587b50765783", "c72e21494340dea02f5d4ad2ea0d02f008b27034ad368ac884c38ff4fe52ba9c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["96a7a364a472cedfa586ed85f268ac9e066212c063634af76f8385a50f1fd55f", "971d009ff009864f116e9d169aa28b4f74cacc6af1aa6fd66076657b74ddbc85", "a584ee3d48e013bee43f2428dde6d75943f4623f46aa7301f1b1287d778ae0de", "c55dfa3f8e4df552dc3234902b76ba3b2b1e9ebb1702f01f86e88ac1271f7793", "c8d941639c1a5ae652058a3a2eb0717f3f3a5a1950496c4371f196c27ca6dafe"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["36fb3d0e48ee960deeb4d88fe7c1f8c1ad3315eec57c95113ac1fee0afcf2d6e", "b0f148376f721ed74f252e36ac7045b6f7beb571ed131d39f1ba06c3fa8c15f4", "c0ea1cf0aee4fb81d4964f80e6bb717a9129df23a00f0925e72280bf49025338"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Axrozue"}, {"hashes": ["6886bb95013a9f916fbbde507c721a2df5863b077f37bd20097e0fe43772dc12", "cb06dbb74a77f5ca77b82b184c707a3666a6c813a6cac2b8c699a5c86e3ca0e7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Zaxuner"}, {"hashes": ["287a6c0f58a354b6fbbce18d6d2bdf9082a0fb15c293b215c428977cd2ba5844", "8d2241b4be30e2fefa1c97f6017aab6880ef77fad41698e45a3674f207dd3c4e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Acuxern"}, {"hashes": ["32e33f3283cbb118ab9cb4bac65e9207fb19472ac0526c1ccde3c09dfbe07007"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ptm"}, {"hashes": ["898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "key": "<HKCU>\\ACRONIS", "value_name": null}, {"hashes": ["898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "key": "<HKCU>\\ACRONIS", "value_name": "Conv"}, {"hashes": ["898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "key": "<HKCU>\\ACRONIS", "value_name": "ConvAsAdm"}, {"hashes": ["898cc0800c85027161e26481160bd83544fa7ade222233e2b2552e00ed899e71"], "key": "<HKCU>\\ACRONIS", "value_name": "IsAdmin"}, {"hashes": ["34234ccbab39e5876a404340e61f3772c0459c03a8bcb49ce81df08b5155300c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Coreuv"}, {"hashes": ["a71e76ced9e8a5e3a4fff02ac395f1966f21b5d3381a96ac8ff337f12f489306"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Short Term "}, {"hashes": ["32801325c6a7e2512338c52618569bfe42e0ccc414ad8403478e832c621872c9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "outlook_sys"}, {"hashes": ["9a6a56ae7799714a9ff7d2582881ce2d576a5554b003480c43a6832a1af02f91"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Long Term Loan "}, {"hashes": ["75168296430a81c1b6a07ec4ae998b2b9e8ce8dc6de4f7c6eb35af4d50458813"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "firefox"}]}, "reports_count": 25}, "Win.Dropper.Kuluoz-9994888-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "malware-kuluoz-mutex", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "mitre_attack_tags": ["TA0005", "T1564"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kuluoz, sometimes known as \"Asprox,\" is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.", "hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "3c61cc31da277cf1ce10e8e91f37faea36c057b89da7b3123e6db682af189fd4", "3d7690027748a54d2b484cf94c7cf841090c87fdce0c0232ea3c777aa8a8e86a", "3e42861f302b2d4d517b70ce3a987ccfd31c216c859c33a04f88259d7ad10d73", "3e5e3ac70b2df7b7a1f35e53f2045b9bb476c00fb1237350c1bb75915081c232", "3e99ad00e9a3d91a6e2adccfbbb9129917a6e8a324f5324926acfb7cede2b3e4", "3ee074cb4c6a3ff4107aad00db4f5c36f09b7473401370e6a3db3ec302e4c6f2", "3f214f415b3bf355b33626da1803697a4857ba58a14ba68bac8a3dc9d2d81b7c", "3f67b00c7549a4af6fd43db6995fce244d040ad7bfa05640ddd44ef8b6fe7391", "40cf406922ddfc502cf0c58bf278ebae07afd7354a65764a88111afb7994d4a7", "433f955e465125af50961522fc37c558a1895b8f19a74295b0ea3da76e24f147", "495c8f1568e85ef8e164b170d489c8f902ff7d7e905bc2b1b8fb3a91072077e2", "502344b40fba1d822369db19f3a04dfab313fd7ba1a32ba880a9ece1ad20d080", "514c55b5f7fc37149db1fd9b25c96cc301c208346366ef9992044136e319eef6", "539c2aa6ded25a316c149823d308de872a1b58e4b6fd1c5c2af6ded0a84816a8", "5491a04c44580e7e8b70ea0460669cefd27ad126fb9f3cd8a98773e441de667c", "54abc27581753af5b70657bbf7474c1c50dc06b8bfbf4babda7fea95fee13ad2", "564483b3bddb3a9f35548cd75554e510dd79d6c19244aef1219dc1b7d6cf4bc8", "590b1e3a1a17e166bf57a4687f8bf0a5d66b71c15d74a99e989fabde5b3883e1", "5fafee3943e570dd814963c8297767c1b4d950b4f9c61e5de97a54fab2736519", "5fe5209619a795d4ff06fc01253f2d4c1e2e70bbca93c57fbd64d8a26dcbe3a3", "63829fd63421887217def52ecf6c8713211f39b7099b121b672db2a6ac526d15", "6718426b3ff4d9174dffa07ce7c950eaa1137ae64396154540efb62f6adcc58f", "678cff4f837ef23be463df114f73a44fb2ca6332adabc69722ba12d6e92a3f07", "681cb814ec01da81d1acc185d156e751bc414f445fa1e88a5441f2807ea1b6e5", "68864a01921d1d2f99379720179b2bc00ac026b9514072e339252c62ba7b3ae7", "6dea0aae0c9174985bb61bcb8bb6100f667854c95f3b2f530b2ac0a44bf20c4e", "6e2d095f53edc8c8e639e195b1415ccd67206568addac379dfbf8d423a6828ff", "6fac6838c5be4566c5687237374b67c33ef8653be397dd0d3bfb505373e6a868", "6fb00cd0930cd393596d0f12c773bdb52842704db2369f3979957175092519e2", "7506781429832aa9c6e16089d59ebe4b62c2e36304caae14b12fa1ceaa4753eb", "77d0ffb2484c182e7cfb95e78e452cac1b04db9e5191fce02c354d5e15ecd22e", "8291ae108cd0b0683813a42cb07ba71559339d82abd8b6f1fd19dbbd07927d3e", "848398d7aa2e41a491836589cf8092ae81e11e73e87a1f2ec0650797bba2e7a1", "84ef14bbc4c61a8a34597c6943d42d3b7cc8a5fe5d51fb671580daa54e486ae1", "857ea09ca99f4315366a3aeabdddb04d91707f498d6b3225a41420ed5c28e1c4", "882d075c63c9b7c330d6d122da21cf54efb6f8fd35968bb3016c79c08379a2f0", "88eb64eb6ad1bb976c20537e164e5071b643c9f8821fcd9272d625ff6cfa22ae", "8b05d1d9ffcf06fa9972913fd38bb461378c3f481d2413a8e5ef43302507c623", "8dba74f046294fb1aef5e8b25287900b3981ad89591539de220760a38178a407", "9508db292bffe87a29ccbae5923f338c0b838283d5dbcd7723dcb95f638000a3", "95c3cb915eee087cbd3c7bc8a94299c953b9460bd9dd753ba4ba95d8fb884c18", "96dbfc73acf8944a6a0e4db95d99b7e4d20df5dca3fcf325a00ddbc96608c38a", "972e58b2e4f0b76494eb8ebc0525c97f967166ef31d6981db78cf0ca17e42e1b", "9b1de817c88e17938ef590e01a03850f76ac8129363fbc5c6af2b5447c132637", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d", "a1e1a404d2af407781323df1ea6fc40259302c980cf3ce60e02c0509a56c192e", "a2130f348ab8dfa877cddfaa51065983cb2525b254be4c998587b7ef9040d0e3", "a3c9f11f54f3dc7aaa9d13b90a1d97b6701521284fa1461d5eeea2d336f8fbfe", "a5f2c4362df4e21b5680a17bfd0b3d80a56b031a10df4b1743ded3806947546a", "b3dd773f9bc613bfd67a9fe3ca82caf6506888e1f8fb6ec0fe09a353837a57c6", "b80f7b70ebfb40c973def23d18b3b75c3b6c587de4243938118baed01454d9ac", "ba5a3e97a65f9f826996518b168d478d254c10dcdadd45dded01a45180b91ee9", "beadf1e969f4c3ff43e7b444426508b43b021a559ece4542e51b452a92affbf6", "beed77321dd39b384274b4f22e7cf818f79c2255eb4899ead3c7e75494527814", "bf59eca9e660fe9508fed2166fe3117d8efcf1ce0235b6a6136bb78c48c90be2", "bf5aa542da3b80f25aba84eddd26c679e2b29f0731c23141627b387a7519ffdd", "c28bfa2303a0dfdd40afe80982bc525bd39989c65f7aa36e06ca5c566d4c91ca", "c29c0ce67fe42f0753d3f74cfceba47872ddca3d27ec00abca4c52bbbcedc0dd", "c3ff41e18dd8eae62e9f4a7514ff2d4e5d5e6ead55d145818e5f5111781f2b98", "c4e57198d81f3e3d3afc676dbe47d4ef67b6e39c6e616ab64c61f9bf2b755965", "c60d856864b85f255cd2d90990430473560eefc099090ef0465d6befafbbb473", "cfea609eb900864c71cf6b931b0729e589310376631a54bfc2a7fabd0eb371f6", "d7259e48958f306433cff9c4cf5e59aae8305bc308c3eef47f874732d5964927", "e3b89c4c338aafc46d97aa844e3412acc8bf9c85fce98e3e01b7e7bfc2bd2d9d", "e6a7bce89a27b90c18528fca2c5360cfb4deed0de47f64df7f1ed6918600f3a8", "f5d42c2dd316aa1cfc62811da11f6266d18e8cce9146f4aa55c1e13430e6f96a", "f693a6a8269ca551d3c045c402618150174f571fc52f5eef3d6c048ef5c655b1", "f9174628ba2b6a9aa15e6f090261c0ffcbff5c757037805b7b3946a7b6b6a2c3", "f928ce649d763d3818ad67eee99f92a21e9390df97885fd2f13aa89663483968", "fcc3d4757fb65fed647f043f0dbd6b90ccf9d76ff15d0bfcb16313c914792e56", "fd9d07ceedaa4487870b9425fec875478e58ec975f2e11425a6e824e2c2d350e"], "iocs": {"domain": [], "file": [{"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "path": "%LOCALAPPDATA%\\<random, matching '[a-z]{8}'>.exe"}], "ip": [{"hashes": ["01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "ip": "76[.]74[.]184[.]127"}, {"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945"], "ip": "203[.]157[.]142[.]2"}, {"hashes": ["01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "ip": "193[.]247[.]238[.]26"}, {"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "ip": "81[.]177[.]180[.]83"}, {"hashes": ["016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "ip": "151[.]3[.]8[.]106"}, {"hashes": ["01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9"], "ip": "87[.]106[.]200[.]140"}, {"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "ip": "113[.]53[.]247[.]147"}, {"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "ip": "178[.]132[.]218[.]180"}, {"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b"], "ip": "91[.]121[.]70[.]14"}, {"hashes": ["0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b"], "ip": "142[.]4[.]60[.]242"}, {"hashes": ["016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9"], "ip": "88[.]255[.]149[.]11"}, {"hashes": ["01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "ip": "207[.]210[.]106[.]58"}], "mutex": [{"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "name": "2GVWNQJz1"}, {"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "name": "CCXPO_13_wKSU"}], "registry": [{"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6", "01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4", "016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf", "0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7", "028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9", "02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21", "0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb", "0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c", "0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5", "0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1", "11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5", "192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac", "20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b", "22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37", "22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7", "27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9", "2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b", "35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b", "9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "key": "<HKCU>\\SOFTWARE\\<random, matching '[a-zA-Z0-9]{5,9}'>", "value_name": null}, {"hashes": ["0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9"], "key": "<HKCU>\\SOFTWARE\\HAFQELRH", "value_name": "kxlorvxn"}, {"hashes": ["0f84d1068efc6101d418994a6c0141d1bb5163e1853dc4c846bc297b74821871", "13858a319ec0f498c3bcadd3fe22c4a6f98c8aef8046039afa07cfcb2ac9c0a3", "2ad296ade0c55703b53b8270aa494fdbe8a577e134e3cfeb7c766981602d96d9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xkacxqqr"}, {"hashes": ["11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792"], "key": "<HKCU>\\SOFTWARE\\OWMXSCVT", "value_name": "clpghwqf"}, {"hashes": ["35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b"], "key": "<HKCU>\\SOFTWARE\\GFEKSCVG", "value_name": "vmbrerlw"}, {"hashes": ["11a5c730b3f4114d72e6d756bf7a56b8f5a3ddc4acfb4ea26f8e7f789fce4db0", "29788f51207813c3403377e1674f468d20d3ed7e45f15dbe1ca1ad044bdf2792"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bdpudrav"}, {"hashes": ["35d506f99a4e9022a56c5b1c344b6e29d045359563198b3aaf906acaf9e737e6", "3aad7855aecc9e3d66c8bf8e3882a43f20e92f84c33997c46ec247303f5fca2b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "nxujmuak"}, {"hashes": ["9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "key": "<HKCU>\\SOFTWARE\\JUQHUMGW", "value_name": "sqvsspvn"}, {"hashes": ["9cb7116a5df0b28954e70b973bc0e687fa1e8ea3c333e5c24c3efbf433c5925d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "clxucfsq"}, {"hashes": ["01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4"], "key": "<HKCU>\\SOFTWARE\\NHHMDEUC", "value_name": "bkebjrtj"}, {"hashes": ["02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21"], "key": "<HKCU>\\SOFTWARE\\OELVBAJU", "value_name": "xwbcmfrn"}, {"hashes": ["01426a2a369847c154bbf2ee9fe8d2fa4c35fbac43dc9a67beeda28f31329ee4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rvebcdos"}, {"hashes": ["02ba868962d78226f227bd28fbcb968e4b4fca390ed617c2f3ccc30f60159a21"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rdnapsgm"}, {"hashes": ["22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7"], "key": "<HKCU>\\SOFTWARE\\MPBVOFKE", "value_name": "xwiivafw"}, {"hashes": ["0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5"], "key": "<HKCU>\\SOFTWARE\\VUXUWDIM", "value_name": "dvtsxnuf"}, {"hashes": ["22fe5826d997627a3b8de9bf294c64982ead2ce0e0e8a714701e2c0031724cd7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "gxwdapdt"}, {"hashes": ["0e295123a220ffab3b256d7dfb4c9d628d8cfbd60c3860df3690b45b12ce8da5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wkhpgjfw"}, {"hashes": ["016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf"], "key": "<HKCU>\\SOFTWARE\\IDIWBVCK", "value_name": "nxsksrvb"}, {"hashes": ["2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b"], "key": "<HKCU>\\SOFTWARE\\MGGJRFEA", "value_name": "hliipngk"}, {"hashes": ["016f8bb1679a9874d406645ec5fbf9fe01f1349c718c2a19507dcd01ff2bbbbf"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "pahgaxfk"}, {"hashes": ["2afecd890b126bc1fbbe694b40a8d64f9c6feacf3e92589a2aaa85cacf1b9f6b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wkstlpbm"}, {"hashes": ["27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c"], "key": "<HKCU>\\SOFTWARE\\IPWQSJEP", "value_name": "khtlimfj"}, {"hashes": ["27290dadc36cce8e75a1940f42c0006275bebe27e4f6e8bf145b0559e001ee0c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fiursbbg"}, {"hashes": ["22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37"], "key": "<HKCU>\\SOFTWARE\\GITNNMRX", "value_name": "hceuxock"}, {"hashes": ["22a4ff01ae30c88ca2237c306eb74cf7b237d7f19992cd04498802531fbbbc37"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cedaixee"}, {"hashes": ["0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb"], "key": "<HKCU>\\SOFTWARE\\BFPQHXQX", "value_name": "kpeiaclf"}, {"hashes": ["0c493764094a0f20f2066b1c6dd5620cecf298d0474c0e27c8502efdd84ad1cb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "kwpxolsk"}, {"hashes": ["15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5"], "key": "<HKCU>\\SOFTWARE\\GOWWWCTS", "value_name": "ngrrkmsk"}, {"hashes": ["15f934e01433fbf5045a4b02ad70f220113c65966300081bbee7c825992763b5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "umbrjucr"}, {"hashes": ["0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7"], "key": "<HKCU>\\SOFTWARE\\OKOGJOKP", "value_name": "wdogqdjn"}, {"hashes": ["0220e3fc2b2066f271a89c632da64595d838544de4b5ebc5f04aac66940971f7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mtdsqpes"}, {"hashes": ["192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac"], "key": "<HKCU>\\SOFTWARE\\HJITILOL", "value_name": "ckdoxigj"}, {"hashes": ["1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1"], "key": "<HKCU>\\SOFTWARE\\SNURSGVV", "value_name": "ahmtoxjv"}, {"hashes": ["192c9c3b0a954bbbc6c28580031cc70dc30cb759cd3b04c374a7aa000dcdedac"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hhftmqkb"}, {"hashes": ["1041183e190b64467f531ab81cc85fc600f19b04d869d741a7540f7e887d19c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tfoxthae"}, {"hashes": ["0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c"], "key": "<HKCU>\\SOFTWARE\\NBIOUOAR", "value_name": "epsfektb"}, {"hashes": ["0d875382e169d8d0cee865be13592c356f3e0bda4c53709e7cb6cf1c058e1a4c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bvguodrt"}, {"hashes": ["20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b"], "key": "<HKCU>\\SOFTWARE\\NXAMAFEX", "value_name": "kjpjjmdv"}, {"hashes": ["20ff0ac60be2dcd35809c92b0cfd47e966c821df2627713f1acdb5d68c8ce92b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mqqvshmc"}, {"hashes": ["36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945"], "key": "<HKCU>\\SOFTWARE\\UULINDTC", "value_name": "bdqrrhff"}, {"hashes": ["36e28c49a0cbd460214b4b4f8525ad08a2a34637d2662161b3ec352a74217945"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "trgcrfmh"}, {"hashes": ["028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9"], "key": "<HKCU>\\SOFTWARE\\MIHMKPQP", "value_name": "kqxmswfb"}, {"hashes": ["028fdd74004cff65fe2f4977a71c402008874a2ad55f38b29f8edb093ae8c2d9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hdupxotn"}, {"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6"], "key": "<HKCU>\\SOFTWARE\\APROOJKN", "value_name": "vcvfmchw"}, {"hashes": ["00502f3a5e474959f8ce93b5feeb79dd7f6eff4ecd7dbefe0c2e3678de0eedf6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "arforfdc"}]}, "reports_count": 26}, "Win.Dropper.LokiBot-9995267-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239", "8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131", "d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10", "1cf4020e66e2bfd278b034441991ab9c4b86d90b92d2b70c55eaf9fdf4e4c1d3", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239", "8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131", "d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10", "1cf4020e66e2bfd278b034441991ab9c4b86d90b92d2b70c55eaf9fdf4e4c1d3", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239", "8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131", "d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10", "1cf4020e66e2bfd278b034441991ab9c4b86d90b92d2b70c55eaf9fdf4e4c1d3", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "auto-update-disabled", "hashes": ["1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-disable-windefender", "hashes": ["1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239", "8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131", "d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "file-ini-read", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "network-communications-http-get", "hashes": ["803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "firefox-cookie-read", "hashes": ["803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "process-read-ie-cookies", "hashes": ["803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "malware-generic-infostealer", "hashes": ["803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "modified-file-in-user-dir", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239", "8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131", "d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10", "1cf4020e66e2bfd278b034441991ab9c4b86d90b92d2b70c55eaf9fdf4e4c1d3"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239", "8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131", "d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10", "1cf4020e66e2bfd278b034441991ab9c4b86d90b92d2b70c55eaf9fdf4e4c1d3"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239", "8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131", "d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10", "1cf4020e66e2bfd278b034441991ab9c4b86d90b92d2b70c55eaf9fdf4e4c1d3"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239", "8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131", "d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10", "1cf4020e66e2bfd278b034441991ab9c4b86d90b92d2b70c55eaf9fdf4e4c1d3"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "http-response-client-error", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "deleted-submitted-file", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-known-trojan-av", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": []}, {"bi": "altered-sample-snort-flagged", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "pe-uses-heavens-gate", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-lokibot-user-agent-detected", "hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Lokibot is an information-stealing malware designed to siphon sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1cf4020e66e2bfd278b034441991ab9c4b86d90b92d2b70c55eaf9fdf4e4c1d3", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "2161d98e529acb3f7593d2dcb7b52346e6a3c3cccb169fe736d0f557f484f54d", "2251858c0b826c6fd0929ffcfe06eaa832f7e1e46415115430067af1c27d2782", "24290c18e6766617ebba03878b7c662132bd5de83ed23335daa22e523b3c2bb8", "25d46e216146d8d018e64ed49276ede1d270fa28b1e8fd495dd97a2e57c193bb", "269d9873db8ac51e45866d71874d8fedd518d197369647860d0a0d5d777c017d", "27a5dc65d0e1202d1c0d034a8cf25ab2fc1b2ec5437a5c9a3f0d81e04a2db005", "29a97bf18eee3b39d21bbe7e86b403d4927a2d92f738d891c0704563f6700cf3", "2b038fdf953e2f0daeba7090c7ab14268af09ff2b6b49678cac7da4285c34d22", "2b04e2b9e82c507958d2c7307df58dde80304e8c2ea6f4198e30c4817a5785c9", "2bf38fe813530bd9290749a62b31634333bd9869d435f4c009a3f02e91cad911", "2e20739b4d3008a0c53d99a2332cca4de3e0f2b9313a673170716dca6d62e12b", "2e4036ef5848fc99816a012883c915ee8cab6fd867d72af76b1002103bc12747", "2f44ddeee5ccf15a98aa1fb14f8f17e3e453e9eecb6cbc45483ae546e037574c", "2f8575fe52c64c560829bbffd82e4eef9c7d995fdc05dfd6824f34238bf0771f", "3077553c9cffc591019fd2de4d46417e4d662c4f2f22e56dfb5b7d32cd0049cb", "332183816f9f72afd54ad86d79781065e25037a7edfac0ee5a6dcee987090def", "3351a44f61fd60581b3568f9a62d12c2820094508ac145d0ce015d3c2c7a4274", "33fc36acfc61cee2e3953c80365cb4fe8cb1888be8246137baf27d753a7ae353", "3469d20c194440e9193374a4bc15977e8bbcb6dfd0542f2556f99e34d6d14790", "38b069afa28681d7eb9bde9774fa1547f831a7b4a2ded5ae646d04da14ae7079", "3a3dec69ab00415f9e16b54cc386db269ba974334894b252947b0f7b56946d8d", "3a82c11ef3658fd47b69e303461b578ba036109fb7934de5714cc7993843085f", "3aee15ec5dac8b6d29be4b6e559a6b1e101282b769809d6959a9927bb4f09e23", "3b4e81056159ce991a7ca726e35bdc4faecd84cbcaafef72807a216a0390b83b", "3bb824fa66fefe7556e077ecaaab30ebf4aa53810564ea5f7c5188297e21b018", "402d3d20fac5b38e08e7a41caf9b406cd6ccbae404b7b0db2da65d4acce2ce2f", "4051dfda4d416a35faea27d736cc5e2cbe15d867e6352859811c21dc49b28139", "40757b91beeeda1d97cbce7a23fbf0a8deaf28df24b308ee0d5ab8f2a5d58a17", "4077b90148edd929a69085618bdacc43eb359fa5efce1655a16499005e5bf59d", "40a7d666358f620cf82ac9d08df6c799a4f495e9d970c039896a46daed7d2ded", "422ff83f7a9376cbfd8e258d885cdc7aff029a5e1900976ec76f1cf41a6cfad9", "423e153b8ffc0fa3c5f7f45f41c13f4fadbf24ea05a3111adda967bad8bf922c", "431d0ccfe1eb51a7ba0118d7e7b6e4bf403ddf7315f07afbfb60d4e19d7b69fe", "4380987b85b2e72cc3b4cba8e82e22f82193f7d1e563b35a8453252b2bcccf8b", "4532b193cdb9983b284571fcd459eba19ac200242679620a1f2dc8a3bccd955e", "465ddb075dae2caa1ae20d9c9da725ea9738bdef5b426e1bbb92246798f2ec99", "47f65edba551ffb331c354dc619481af7c89df733f8e5925e785b5a778d98655", "481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "48f9fe09fc83d1d097a64a24f961c7018780ca8be335a8cfcc6274c509a10628", "49ad82e55df3dbdb88957742c888bbb12dd90769064d09b9fa54ad5dbbf7b34a", "4af36e0c47603b1e0db142ad239b8a310bc3d2abf9689775e44802c31951acc8", "4bf230058dd8f0f09d3bced80809f7ec6943fa9c319f70fe93640ea56adda8f8", "4c5fbc36aed5758311f6371bf78d86789dc68a036378fc324899ed518c58b6df", "4e3ce3f3dfefce9eb2198f9890cecb8abae95ef6bf45987f2cfd9d4f5841a5e0", "4e5edece2eb24ea21a1d0da7da7a5fddaf739a876c1847c2ad8866d45497a5e8", "4ebca4489a4c29c0f26d805ec71308259e305dcaae0e3908d4eed359d81abfa3", "50f90b581cfe65f98e9e4a0909b58ebc39a7f501c74ecc45c6ad75771e639f51", "52e20e876e481d0a48b895666e6be9b08350c977bfb5597951d945051c401033", "537da04a7efae15dcf24d0be9f6c218c503510c19da216b32e9499a58085131c", "546b01f8d5fed4b13003956faf483627911ab5877b6d092f9d03760a4f5a4325", "547e49cae9952170b7a0546e8c93f73ac583aa7f87e17124ca4bc02ab355bb16", "55bdb97559c9deeedfa982ea656bdefe4f75e285bdfbf3e2d53355e1bd9f54c8", "56124fb1825b3fbe1cd0bad34c81491ad5dc916b01881cdfb6fe0c39cb507e56", "57eb9c15334e1414f3f17c932aed4100be62571991abc5bfaa9c9632b0d008c9", "584fb46969c1c007d4d2bd26a03ffd8983a3aebdb7d29890b76e2107ed875e42", "598bb1a861724d4a062853c0c1ed53a80563b240e695fb60da192e7b580337aa", "5b9c3f1d63c2f36f392a1b3dfe88a5786b1b5ebc0f90f9c1c4f578d1dceb91b1", "5cecba33f12156a7fb591d0e01d71e30afbba9463e3da28992cf632fe7e1fc74", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "5f1009e89ce5db075956c602f722e86b40c1c1bc3e7ddc1cf304ff2308cbc76a", "5f850b3eed12d3ffa6b77c7f7b97df1ce4c1fd2c8af36ad94000d27765eb4fe8", "6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd", "61c2e7f07868d93dea9e5a9d68bb72cd7035bddcac5edba3ea60a269e81b2e99", "6229d7696ee1ebb8904755c19a8f5641d7ddbb57200d6ad4e561ebdbed75ea08", "6242a3eece36e5c87bd9e03f83018a18060ff33478f42f1d281f0b50f1bb0178", "63117b805d89dfc38fff4e832c925aca3d33b16592f26a3849fd8332ac1cdb37", "6389a1a77dd397cc252a33e5f82ce02555982caf6d54f454113f2d1b0b29e888", "644fd25dc07b463d4bbb894e590330897a3ce3cdc6b8d7a733df9b0efbccb8a0", "6466fd337c06356164c9f7b72fe8e9c3d4090f7c1681deebfc714f5664256369", "6655a8e5c8da735abac57285d5948395e43ae52f556ccb01d7a00e0cbc18bcdc", "673531ae3791f5d5236637ef8dae732060cae0651632fadd5fbf2c6358d61278", "6a0e02ea4c918143d986aeef81b5c2850b2a6d0ebc0e368f2aeea057f04e1faa", "6aa11dd71d8c595b24a14ca81697611b35e48e6162d268455926dac43b1b5d7f", "6ada8a1b64055c844f928cfe1f3ed13994ceeded8ca1bc2b27b064d97751a5e8", "6bf4ac2d9a4354c070954bf033617d4b42f51a1b73d0ebcc622e73cc78a7052f", "6de9af665b1883a0d3382b8abd9daf6b446be864df2d69674b2e0740c99f671f", "6e688ac5548a93771998c21dd76e0a44e22cea8f8a43f5b8ad5f2422bbbacbe0", "6ee943ac91027e9ae17b32614a75836644d7854d436087ba7554bb8b5d08d2f8", "6ef5b51e0b7e6ad72ce666c366460b8ad12c8b00cf0b0e5f7e2a7c0d42be4bb6", "6ff5a18860a3abf3e6e626f7202d328a273b2e6316e5033a9e38817c0174b9f2", "70a0be4b6d9993f1e14086b227f18d948a878271a716357bf57ae515b6b3f99f", "71450714b25f2fbfb7fc8c72df01e86285b41b54a2e3016c724e29c399ec2808", "715f4144a9bb7b890d02db008bd506c49aebda8abeafb371722c8d71f9a4e7a5", "71c449d8b8c99c1fdbe6c8aee10e1e5f6b5b2314f74c9883954d80dc8c6711c0", "740fb88b1aaad58a92a87d183f798456cea6dd06ed0a52715efc5c2114618217", "74ec7b52317a199c8cdb324fdb12f0877ef4e74be447aa35535a085223cf22e8", "75edb92a742299d3b3711b68c8b8ca21aef5a7cae9260b722c2a3a2afaf55676", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "7ce01cd998177954975f0da6b94bb0be07cbd37f6b45626d3c78dd044d5751b8", "7d6a1f726fba53fc66b834b6ab78ac97e1a616f8b9ba34324f7a4add8164e1e1", "7e93c6ea447656cd3704ff68f26e38ab98b5c263af9a59241407726dc3bed33d", "8039e321a89a4ccc2ed95038581314c1c8c24db87a58529e81185c6d15036dd8", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "807b66e23b9067af737195ff635add7c0f537520bdaa439cf8ec17d3b5091b02", "8084b92860baf071f6b5c51eea5205167f14441880918a4eabbc4aa64f37d814", "8179f0909d4583e7791e0a92f70b3c69b04f01579dbcbed6acf53546cbc6b5bc", "825bea635c64c3d7b4c020070c947eaf2cd56e1d88d71685ecebc6540936bb21", "82d5530ab2d0d665c7fdb9aae88dfe038cc4918b7a303f8d269ccd6b2f561049", "82fe4b76aab95bf6cee4895a3cddcb7650a7471752ea69e1b14777e655e3a077", "831d9c7d9549b60f9abba3e9047f88c5766677ca022ba5650ab1c68c41d6f6de", "847e5d31cdc576c87675d0fb9d35cc06a6e73b774040f7cc87c4a281612707fd", "84a71765cf48f72f149435a766e57802dacabe7b90e0da975a5c838101bdc2b0", "85b6da9bb2872b852361cdcd0b4b4b8958ca2c21010fb3dc6a59d5ba1928fa8c", "88dc3f6b79100ef4821808692551dea5a3aae3c8fca8754e24d5042f563d4b24", "8a768960c6af03d92ee29a574853ae5fe1458a8b6f6ae3e7ee8dbdbf52835d1d", "8dc26550f71208fb9b4de792bd948779ff715dceadda3f15a122d9f5ba86a737", "8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131", "918f908c82f6336a82dcd5087c9bf11927eb346b00513b1fd736ae0492a7ed2f", "928d78796b186232803e9d2df759bb9a3e85a1503b3413ba93afaf4597a09564", "94499ccf1b8a8343b54b29b0f903e5a1028a088f99c30b5900a9cb29c62fbd3c", "9467863d2031416bf3b15561ced143c8e4f73e08fe11f1b5d5e0c7aa333924c2", "975d017bb22320034e4a3e7cf7a70c95f73bb9826c7279c52542e0ffdf031833", "9a48c7986f74cc743518d697877d0cc0910cfaa23c99e5c41b21338d1fcacf6d", "9b18ec0055bc1ebd932e92ee3ba04e7e671fc16d028c3688bd34513465cb2245", "9b304a8deeb096d0b218e2453a60fd5c31eaa1a2878d0127d1b1c43e58b62696", "9b59a961c33399dcd6e00b7fc60b0345274d1f6616bb053a118630f540634aa0", "9b764f6500fbaeff2f72af07b1ffe1864ca04b0b8362ccc9a7cca1d0814908f5", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "9bdc61788e2a971625d102b19b31096cfb932d8b580ffae3677d0971dcfcb64c", "9c08dae7707b43e65469eb870916227f32c45eafcefe46d3005ab3f3f37df01c", "9fbb249bed218b40a4dd8a48d36c1eaa9d20c2d65bffed077842ddbcc06b87ca", "9fcac5d8b188b17d098ff40aa0477edb77674e60f21b751f2b5b1f61f126ffc7", "a0841c7106221da6a865abf5b163eea59285f5ad0865c4680f6816d9b2d6c398", "a10e4616cd4bc227a9f8842819f399802936ede1aa38e80adf291ba3de54cb46", "a3b160d78fe9d4ab9b1a55ff7a52493895effa078c14da1829c3278219b78a16", "a3c151fbb8c38eed2d81587f90d8df785adca76667b079929923ee48ab62e01b", "a4bdb91c2c0c3fcfd4e1194a94aa52d1f963db625546108ad6080ea781f39738", "a5277e6effa4899cf67800c57866a6c585902d45913fe01cb5407be15e0a37d7", "a5816eb506bfc4f2f012b1cab5d6fa94007d7dbb667308ac6d33135718cc03c9", "a6bf91ae9c537a377ec682928ee79197672969f36f4de65bc16027d68e871e14", "a6f8d006c3f308b72d98e2edffd6ee3c336982fec7627820de1f341e7258167e", "a772523f0729cbbc732201d9a620e410f5eef368d6012ac86abcb0a06ea0b492", "a796cf7c88b05494d5dce7479eff272c379c95e36a86db058c3747d7ce2dd222", "a8fa8eb4c464ab0a908fbe1672e3beba5c26793de4a5b95cecf1d210cc322c3a", "a9b5600056aadf1d1cea390c6eb251eef328d781f1c74de3c4e1722f4122bca7", "a9b72dded87b7cdfd7e069852d2b9b35033120bc1323b4f274138b1f73d36ea6", "aa131225ef791f8c003abfbd7ff0b4af42c4e642b5c7b3d92763a3cfb9e60261", "aae6e35b118ee3dd5e051b6284a02c6a54bcffe00f4db1a3cac27cb4d85177be", "ac7e40eee8c391739b0db8c9673a487d23e47855a79fe21a8996d9b4f68da0ea", "acc6f2de0ca8c844a56cb9c6b706157bffa06bc7381460cce77a6610cf6a0764", "ad678b2b5652784cfc06bcbfc3c8d83b8dfba9f9da072711d404b8b90a00e234", "ae413526825817c3576fd31da581e0731b76092c08329835ef9f62019a96dfce", "afb1b0f9843dd1c6c582c68f300e14c2993f4a3a2f5622a7c8268af9a61e7682", "b4619b56b7db4a18df8ae0ebd677b0731ebb946cb843017715dd560685011332", "b49fe4e84ac9748d8220c3de8238fb813bf893625a3855d62642435a113f6983", "b50422fd5dd16dab08405110f93062fc6041389b53c2fa0c7c1989c710d67144", "b58a1bc358b175a497f1e5a507d2271946c1960314a2f0a4bc43bc7bbaff9286", "b5fa06ffc8622b62ae0364d91e19a66d093c3cf0693fe674adf2ebd9f5e867b8", "bb37c44d99b30e484832ff4f25e1f98aebe212b0a04d5c272366069dcd24befc", "bcb663120a8909cfee96cbc81956b342de0f76bb53f653ed1e260847e051ae52", "bcd563d48a7fdbff0bf4d092346169dde3c13367464c7e5e0eff115f0bc589b2", "bd3c5c496a015b160645fe69066ebbe3e308a1c8de72a4225e7f38cf3d76a4ea", "bdcaba09c652380c33f60cf46d84efd7c6a50363e2e45b57fb3980c23ccd78a2", "be20e54f2f6d0b1d64afd12e216974c96ed61ba7704edb1a006ef8792606b2c1", "bebabe3c5175cec9b3c1b3a7f655df35bc6d70ebadd8c4bfabc82d41581be206", "bfe1ac60cb2a050f6fe99f41dc67c5783074f5506cb6bd4ffc4aa2967b601584", "c2ab02f9bff9e16fc0d7f3210c0c927deba4315e4acd8dd4fdbd5eb4b6026b78", "c37f50968224c738e5fe9473cc69534069b8323d0f2870c3e26c7ec3cc336bb1", "c500d4b5721ab7f24eab9f56e41a5c8bf09f3b046811d8353b18a17e01ac65dd", "c89bbee92bbfb39ebb8c407b4b9c16159f883122aeefa9bea1adef350b70e942", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8", "c9ab991b0eb738afabaf88085a44916072beac271f0a43f3fd98d2d122b4a497", "c9cadf13213891eebef12683d82ce29130cc85295b756d90b01dcaac5f75e4eb", "ca38b9609c62aff3727fb7a855ad33405ca321caf1fc7e1e05baa861f8695fc3", "cbdae5d15ae21f36176fee32ed3bc0304d31ca635bdd549864386458a191680c", "cdf8c0fa4bb0a3b7dbc2c1797b9b7c98f7a29fca5105ef2add45fab71897b8cc", "cebdfcbc6e8266a9ef2c867b82c7891a21b78275fe3e15161673231053352d7f", "d00c8d039a1e7a342740093f6a81e4899ea5e6e4e1cd708a950cc371dfb36564", "d06feb2ddd1ecc31d5265552a733c47d94566d94bf69da921470062ded1ba263", "d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "d2c89c1103611ff4d5f2837a80862eddb6685853bed3655b1200ab21d0bdb777", "d508aaf78bd922231d83b839423aa969d96b3d2685f4d0e9de7cb1f36cbc899d", "d60ae4db2f6f259377f5529d77b9b25c17d3863cad080fd5acb24b439ab2c328", "d6b13c4794a24abf5ea46de774c57282795a8210cb1b81fcd1b52000e57fe822", "d85210a19aa2d3b651c5d6731adc7eb7feae01c9c46b4ea1622b7c74609d453b", "d903396973569dd0f72c1842986cde1bb2719309078444d26c9d15cb4955f947", "da47e798928c71ff30725a81ce422a38480509fbf627783a827ff729502753ed", "da6e944d15e54c8dd563c90b24c1ffd7b3bb0b879ffc2c38c9c386dbd84282b4", "db49c84709881043320a3fe92b4492a55ac702a377b450498c74f0423e9e03f6", "dba8a0bc7623cbb8f9a246e389cfd982e9fd5977c6297d29788d4238ecf51ff8", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "e07f24f54f279968a458af050528f791d05eef3d2b347fdb7083ff7027312bf4", "e0fdb1f9ef1d36df2fdf4d43db921617185dfb09f4eb86c94946afaa005b1162", "e355e6e9a5a80cc9cb0ed9703576458503a7637ff0af0402abfbbdc199b484c1", "e374a72bb9320edd700359fdff3b599d7599189f2a3d17e34ad91584e2672fd5", "e3ba9305791e5344994645037ccb8da3c775447954c0bd0f68c640657c744f5f", "e46ba64623557a647849e72e961b484e86522997116a1b6ef350ebda2418603a", "e49908e3bcda927b6ee689daaba0a246c2f57ea0e3eb80898e77e1313c3ea528", "e71df894e3bd36a5de0db387810accd579edfcf5b7b1e0192da45daebbd84fcd", "e93d7f259f7354ef6172568a889b9d0289e3c991a2e5dcf3dbbef4a2bbebedd5", "e940b97c36d67541714d88c0c5016c9a3e44d041a007456e2351f01ba45fe574", "e9b75ac3e1bafe3ea364924ac313bf1577916e7abeefe90a33073aab3e0a9709", "ea157666e4923f0afdfde549788caab783b44841179e8f122c277d6c88855b9b", "ee7f26981cebfb3fce81a032d14d8a821cf4bba39a6865e354068873ec0fc926", "eea77ce541f5ed8f8752012dc0542a40573d7a04b95c6068f0d1b85790a89827", "ef5195dd5a70ad9e4897cca4baa11b740c530c5b2dbcaf0c257afa20ac71cd62", "f1f7064a4db7ebe742b47a8b21b3f7fd067e154d683aa6a26add553c89a8b078", "f252edf9852a4e1ec5cffba81868c18251e0e00523cda6ce36e914af8fc36ebc", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c", "f57a0800083c41020190393461b4aff616751f3ceccf1b74a5c152538e1ec04d", "f7cab41a0d4b6ea7b1f979cf0659ef144cd38067b1ba09c106d5cfde23e17912", "f86476ac8e881c72e192e157590550bf9b0b61a35c3fe389492373985cbb9be1", "f89177d4fec365309f0eb293ee7372ba3dc35dc67a735619de2737ddc22e4687", "f9642854b2ad31be145a61f2ceb0f76b5d3d615852f173fa22dc037c1d4b17bf", "fd74a36558eafa61a6bd2e04830f54d05956fc7d3ae6bb3644b730b10d1f3fa5", "ff6b782bd1bc0d5984d6746d6e057d2f3c9ce613cdabaf28fade681995f4fbf6", "ffa89e193c1b7b5ba008773e5ea9e4c515d9921f58447699b6be33e49442836d", "ffe8c2cd1a68f91c4d0ae942f905a548c109effa83fba00b6460eea9ceb57df6"], "iocs": {"domain": [], "file": [{"hashes": ["765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3"], "path": "\\{09389d67-f724-2900-fb77-cb0d3fc9f9b2}"}, {"hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "path": "\\{52d6d7ab-f540-6c27-890a-af500adc9a0d}"}, {"hashes": ["5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0"], "path": "\\{4fa167ab-f7e2-ff24-2e48-647ef8633960}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7"], "path": "\\{ef6007c6-a5d2-ddd4-8b35-1c2c1f5d4a96}"}, {"hashes": ["7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b"], "path": "\\{1e0b0e53-9094-b1ae-cc0d-9f9c10035e4c}"}, {"hashes": ["9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6"], "path": "\\{4d62b927-3e23-4273-ae85-f2b51f4bef63}"}], "ip": [{"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "ip": "179[.]43[.]154[.]216"}, {"hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "ip": "208[.]67[.]105[.]148"}], "mutex": [{"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Random name"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Global\\MSCTF.Asm.{04fb3f26-9d18-66b5-6862-7b8a85e4b620}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Session\\1\\MSCTF.Asm.{04fb3f26-9d18-66b5-6862-7b8a85e4b620}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Session\\2\\MSCTF.Asm.{04fb3f26-9d18-66b5-6862-7b8a85e4b620}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Session\\3\\MSCTF.Asm.{04fb3f26-9d18-66b5-6862-7b8a85e4b620}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Session\\4\\MSCTF.Asm.{04fb3f26-9d18-66b5-6862-7b8a85e4b620}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Session\\5\\MSCTF.Asm.{04fb3f26-9d18-66b5-6862-7b8a85e4b620}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Session\\6\\MSCTF.Asm.{04fb3f26-9d18-66b5-6862-7b8a85e4b620}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Session\\7\\MSCTF.Asm.{04fb3f26-9d18-66b5-6862-7b8a85e4b620}"}, {"hashes": ["481920cc54ecf2c808fbf29cff0376e792afe6b10bb44737ff4b782b4e735db7", "5ed98386abb0326fb81a4200085addb06c7b26e02b51efaa624a12be47d834b0", "765b882161573c24edb49aa1718371bdfcafe31d25aba65cd26f9b4ca07c029f", "7c185d7d1ba8d70b2f30f1526b1fbc003e35344fd1f3be6fd6652b06c417961b", "803b332a3ed7caf147a77cff7d11322e1cd559d595761169e4328d42b257c8a3", "9bd7176592fd6c3067c61114736bef9547eea56859e196e65f0fd0e631d7d6e6", "c973c87d98a07bf9142fcdcb4a2b647db3e17ddf20b3fcdfffe00892d3a2bbb8"], "name": "Session\\8\\MSCTF.Asm.{04fb3f26-9d18-66b5-6862-7b8a85e4b620}"}, {"hashes": ["6020dc9cb609036c6f7f895d38cdecaf962a6efb3a39f84a175e0556afe80afd"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["11634ea3ef30d4beeb73c51ac5153cbfac5bd12163a8d3f27ef239ce20d43239"], "name": "Global\\6f69f321-d229-11ed-9660-001517ddad26"}, {"hashes": ["1cf4020e66e2bfd278b034441991ab9c4b86d90b92d2b70c55eaf9fdf4e4c1d3"], "name": "Global\\dac866a1-d207-11ed-9660-001517383757"}, {"hashes": ["8ee3dc0214aa20169605b2fa6058ee59eafc02f1f0d27338f4d1954960d2a131"], "name": "Global\\c87f3f81-d218-11ed-9660-0015171e0af0"}, {"hashes": ["d091c6670053f861a0b0528e244698df9ee2e6e88f36e615d6f1265cb302be10"], "name": "Global\\b1b3e1e1-d275-11ed-9660-0015170cc556"}], "registry": [{"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER", "value_name": "DisableAntiSpyware"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": null}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "NoAutoRebootWithLoggedOnUsers"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "NoAutoUpdate"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableBehaviorMonitoring"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableOnAccessProtection"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableScanOnRealtimeEnable"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableIOAVProtection"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER", "value_name": null}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": null}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": null}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": "TamperProtection"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableRealtimeMonitoring"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER", "value_name": null}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "AUOptions"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "AutoInstallMinorUpdates"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER\\NOTIFICATIONS", "value_name": null}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER\\NOTIFICATIONS", "value_name": "DisableNotifications"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "UseWUServer"}, {"hashes": ["003ba45ad5bf2c841859c43721b6bcbb4e1002d9630cc0dd1e1ea8ff2456fd56", "011a3b2df7bdd0af5098314a22b2c611ca06ddcaa43620d67d53f4933bf8b742", "04f4ed5fe2e0464f494d03003d29bfa42ca7bca411a13890419a9e023c1dc3c2", "062cebd1abc7f7adfc8e01683ef0ea34865440c37fc08c06b28fbecfc0b4bd7b", "07a221bef3d6ab41f7d234a345d1600491f08ee8e1e7a933518ba86b32033731", "088cda450c0b4bdb9c1b913a73a47a85bd01967c0c94de5bf0045a337e96bb4b", "0b2174aaa22f46766725e8551d8191ebb66ff12156f5e337438f0e9a00ec0d2a", "0e0744013438fd9feade11a2bece21edecdccaf75cb4823dcc96a8679023e19a", "0f434385e7eba23c2f0887f47b3409fe63f15961bd19787e156a43527fa2e06c", "10a708ad870990986a59f003b7c4ee81f786ef44d182be19e567bc56f7dda266", "10dc6c1faa1fe94fd3c0aefb39ef1a81d2b8b5013c5fd6518e46ff6bab08adcb", "13fe66d0f85b75af9b4c2ecf8251fa7d1800d7ce0c98210ed09414eb496369bb", "1476d9a6bdedd18b40867ee7d6d65b2fa85f2824205602dc646594852165e023", "18577a46633f206d96d4a4d06f8adbcae6fa09f4500db6c5efe820ca6ebe00bf", "187c183f7991b7527f61460bb2c8632e4a8ff83cadcccd2cb172fc09becf960b", "1ac4a65da5b8fe68fc3dd892b42e90c861566d754f78965b29428f1b387caf70", "1bbb4374528cf6ca5e75201057498b025cd86af3aadd055eeab1f8df63e060f4", "1e8784959fb81f7b1ef0bfa506e34296567683428c4c99421d99c6900a83db8a", "1f732f2aedbdf313f8d692a263e175d8d433c64177f4186ac086c8124577ccf6", "1f91f110d669e00d2f517ca2a33a19bad9e58e24ed7361099d541a230c61454f", "1fe4d1be4744591ed9ec166a6ec42082b5f546dd7183d8642b78f5480052c696", "20205c342c9355306d21950e3a85032de8d3ac6649aab1ffe6c485ac05b4b4a7", "2025af7b32fd101deaaa976af199bb524916da9203fe6d7edeb7cfce0d41ac0b", "d19fd82490dbc53bdc604e2f6c79a7f85f7d6dd66ef6f57798f403b2bfc0d367", "dbed2dd0503e73fbac6abbcb99adf1b723b0190bbde9b1e41c72c905fd5af9f2", "f375ccb26b214c0ac705aa9ca64f819de9112572c01b83c88e12e1ef9d16b60c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": "DoNotConnectToWindowsUpdateInternetLocations"}]}, "reports_count": 38}, "Win.Dropper.Nanocore-9995112-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-dns-category-dynamic", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": []}, {"bi": "dns-public-server-contacted", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "startup-folder-modification", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-check-zone-identifier", "hashes": ["79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Nanocore is a .NET remote access trojan. Its source code has been leaked several times, making it widely available. Like other RATs, it allows full control of the system, including recording video and audio, stealing passwords, downloading files and recording keystrokes.", "hashes": ["0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10"], "iocs": {"domain": [{"hashes": ["0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10"], "host": "obelltd[.]ddns[.]net"}], "file": [{"hashes": ["0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\filenet.vbe"}, {"hashes": ["0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10"], "path": "%APPDATA%\\filenet.exe"}], "ip": [], "mutex": [{"hashes": ["0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980", "1b7ccd74712bddd6ae3cea21cabe65d7dad02d39a798034b04fded11b6f4107c", "4d55b18caa7ee41188782449112c0719a1ca4947369d085c574d9f0a6cbc0cb7", "79c3bc8be1465c3a72ff719eef3c4435e71fc05b7dfbd62c312199c3245321eb", "811691edb836d119ba756746fb52c00bf86116cc03279659e29bbd2226ed6d47", "81862d48d9e761d5fef1cc33a64a9bd3f87b9ba7df5caa40c82facef881b6179", "9fd490f05a7cab1c35bc5d911d1dd7eab653ec040f4b5e0fecfa903acd02fa30", "a41a0da8626e4a2a6cf1f8e281b35ee5a8d098a80b3579018444768f51af7a91", "c72cfbc5eceeab714b402f122959646387520e280fe45366eea5c18b19af0cbb", "ff56012a53c1f9ff4b861e694dcb05605a4c4f23aff1a4a2efe5c0fbb83d9f10"], "name": "Global\\{75b74e6b-77a5-42a6-b447-2fa106e8ff08}"}], "registry": []}, "reports_count": 10}, "Win.Dropper.Remcos-9994988-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "files-created-vbs", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "process-hollowing-detected", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-certificate", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "startup-folder-modification", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-remcos-mutex", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "malware-remcos-path", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "pe-uses-autoit", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-suspicious-au3", "hashes": ["3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-dns-category-cnc", "hashes": ["b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e"], "mitre_attack_tags": ["TA0011"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "iocs": {"domain": [{"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "host": "remcoss[.]onmypc[.]org"}], "file": [{"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "path": "%APPDATA%\\remcos"}, {"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "path": "%APPDATA%\\remcos\\logs.dat"}, {"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\whoami.url"}, {"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "path": "%HOMEPATH%\\WerFault"}, {"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "path": "%HOMEPATH%\\WerFault\\ipconfig.exe"}, {"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "path": "%HOMEPATH%\\WerFault\\whoami.vbs"}], "ip": [{"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "ip": "185[.]29[.]11[.]31"}], "mutex": [{"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "name": "dccw"}, {"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "name": "r-8943LY"}], "registry": [{"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "key": "<HKCU>\\SOFTWARE\\R-8943LY", "value_name": "licence"}, {"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "key": "<HKCU>\\SOFTWARE\\R-8943LY", "value_name": null}, {"hashes": ["1d33b7a9d533212bab85b75643a357defce3e3ccc4a8e8e60d67bc20223b55b1", "3eeb86ac8a50f43dc565df629a2850b0e02e566f123c83a92a36b549766df301", "74f9a164ddf0693a977c6ec95a5ad3589bd4c671d932d22412f59f39fa05cade", "7871c62f90043573a44acba9c896730f15227c23b4670022d95ac9fd6f33d922", "7b0c7c29e518f6ffbe4dd7b3f8a7d8fba09a41eda2db2318ccc6b4990475e7e5", "93e0d0ac6156d2b37f6f9275d0424c58602a5fb33ee5ff8de778be90fb0cc0c9", "b54ae33e1ef5e7f555a63411c2e057cd36b22b0cacf1c7b0d6aa15326d513d68", "b64e68eae5411c64fbab787fa265a1ec5d275f272ee4474814c06c474226da1e", "c0876549fb4dfb5356cb49f6e5f1ee2f42886748d2b50d7455456f52ea661176", "dce9831c76589d0d421b7d11d0e8864ac6482cc4d33dfdb1a771ab8c67f2105d"], "key": "<HKCU>\\SOFTWARE\\R-8943LY", "value_name": "exepath"}]}, "reports_count": 10}, "Win.Dropper.Shiz-9995265-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-dns-category-parked-domain", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-dns-category-cnc", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0011"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "pe-imports-toolhelp", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "malware-shiz-mutex-detected", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Shiz is a remote access trojan that allows an attacker to access an infected machine to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.", "hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "3be107b3c4725cbbf45ab12ae64814002ad57f320268f84bc7edd8f006836497", "3f412319d273cd64bce44c99d8931a1321e2814adb6b0d76e302d97c4625bb98", "428ebe851f411d671538994c863ef0926505596007134d3a6555272a6016e535", "486bec670c30874548de808f95aa95c4f63deb5dd64a822d29fb2555376f9ee8", "48829354ef6ef19b80a83116c29e9578a8b587493c45ba3599c3459b4e9c7587", "4b6469202bd1e10060dfe1ca52492b210e465637f9caba90c49b00d7c904902f", "4cff564dd10ce96b12ab8775ff4f7f7f9b1bf0173105b0ee7f941707d023117e", "4f5b5246c98db4cfaa042e584d55916c2027d52097fe13c1fae7bc5706e7a91f", "506a64c420264028e702cd063f9309ee86b56472c3c191e0e3faf7c812a6026a", "531f17e1783bb04895446178b9eae4a47c6c549cb092455edb4096742c6e55ef", "570edca299b30726be43b19cb84a4a3f544545b58aa1bcfee1d0c3845dc0aa4a", "576d916a86c12e874e4ab65f6d28fe3cd7ddbd23f0571414d459d86a0f79aeac", "5a7ad44317ae875dd8062478e13ee4a6f6cbc8a8406dca22382b9591ed17e40a", "5be2de223ceedf03cf6ae9515e9a2ae83f9d10e3cd882934edde721a93aad51d", "5e3854fd85dcfdd3a442560ab6e1133498bd9f72518a28236314b6275f56afbc", "62a9aa4b60023eeb1f3cce1dd6d216610f0c6d58de1b92151e97d3e786fa2854", "63270fa7b5d3a0f67e3cce0cc2fe75721b94efe7fd39c2ce2cb7cd207a362a10", "65776dd3c506f01216ce0b40870a09bee88f884093b9e0b0e18f74b8c6c4202b", "666382854c949fa83d495efb8d1bcb088372855887439048fc93776c1080f1fe", "66f7290562a4672cada6f557d9bc245d5ceabcd992f7c9928574bcb23e6f989d", "6b64fa6327330f40559b10f1c93012eac810a922bba50b4656f863f5c859e16c", "6b9821d51a35529a067088dc98f1327ac61fafee96eb5b154160ee414eb47fc0", "6e02729fe8dc0a8a2cf2f79ca0ecf7e1534db169379cb163718bc8b17a83e2d6", "6f11ead4b398985443f2aeb337d48ddf6e7f84c19d3a2ae839b84c1d96626fb3", "6f5ed0c93b2fe72adfc566a2fba49878c2e1d731fbfc2e78bff3f881adb4e662", "76bd296b69e60f45351005114a6bfc8cddb72be0b9a445793ae09d5271308ece", "7adf31450ced7bc829d2a64c2b7dd0a72502f83587b96da0fd9b2908e2a5c7e7", "7b4f1ab0d088f05710bb7db3a71445893840309172d3c8cd2bb2ce7da0b9d50f", "7c7e7f81a5e2ad8bebf91745644e02d805068eb008f75ace110e34b2cbcf1e75", "7d3a4e964a6b98986de244ded157aeef42a6a558bfc4cdc35cff31c72cc8d934", "85449819b4b91de70cd43f6a57d82482f1ed817d6839a2faee857136e59da685", "85e92022fa14283b422c59dc667d71b72153013d2f78683fe853544138755cf6", "882774f56943072c4b894ed7a9d15b079d18f69130abff439a3a8aa95a625103", "8c2b7c6080a4c82d5a26afc52b4629fd9945d2369201ba6b3ae4921340437fa9", "8f7da590033736105c7413716035f5a2351f2259ff8e62db32579b9d011ded08", "9386016f40cc0aecd1985ac0cf32dfbbb34d13b321f688d0b0b1ad007af2ef72", "962284673fc5016ca8853b000ccf6756028e564e7a457b6709e9532428ba7818", "9fd930b84b382b096b08e827516ac463a5a2a9facc80fbc292342956c255b27b", "a2f3efcf3ddf8ee7fc11e313dfb41f59c037a49b429f57f54b3d008a0e9d08de", "a3b9c0966d4c8c66f494d986091348d1743498619365f6e59fa1115cd14d0163", "a3dc47ff7298878b15bd5d2a1aff731caada3563cfb4cad6b0176bff8a6a0196", "a461455a76ee62fa7923a62fb670a707b340736cd4a053181b1a4600e86b45c5", "a4d3893d5266328dd1c3d8d6b3115fff50f14b40d53c2e55fd8cf983eb223ebc", "a5df147129447bce9813b32e008538f05f86156cd2f204b9bcd89763eac636d7", "ad5d49dc644e035cb08698d741e8423b2f31c9388530d1e0758deaa929ba1d4b", "b0da17eda58c11fde89a07cbaacdf1a6ac69aba4916607378edf2135b3f21137", "b206d18de8775c1553cffb442d116875bb78debfc0fe67c1c943cda1013fb1d5", "b3013a541832948859c7b1e2ab91b95b5a2ec6fdf4103b320971057178c9f8c9", "b34ec14dd938f2c95b61f9e52769b643e6f9d35e24866222b85120dc2ca63c08", "b4380a497c9e5664c0ebb515f04f876387de94aaf60aa7d939fb35a3cacc3a1e", "b7c13de9d48161cddcf9b888c885a8c84f08960db6c0232b1acf73a32edab144", "b942c2ed440b4a288edae5ff86da66dd7d9a11fbc6b1293da18a5b2f75afa4d8", "b9995d1fc18c42e2babce9f34938633030ba87ac283e423225b29515fa98c86a", "bf0ab8edd3242b548d1fa194b84e720fad81e3c318bae67b01a221376fd4e3c1", "bf89311d3e215c0b2e97a0c16debf5470f7e59fc40e2477e7cf2222288781750", "c43a8a0930274fcaf82cfec3647f2e989c3168653f8e5e809f3e5ca1dd10708d", "cac75921d22a4dd6471f89fce601ed1219a9c0449bad6db06953a9f31f8551b8", "cf9a919dc6245083d75b6ff8f60e6b71e81115cdfb6037508f3812c26621427f", "d085931916e991acf330101789b8d13f8c4dc7ac2287c440918a242703c5c8bd", "d471375463190f4e322f5c59e2ea698588e01184a360aefcb476d3713fc54609", "d96d32a1bc0fe693e398e639502de141156e9113a04c8b9e3ad6c7800573af9b", "da80346ee3c6a049396138b309ea7e8eb1069322d3d7ad9be75e05bca265ae10", "ddddfeab8f1839728f60bc6f76c4e9a21bb3109ce099684aefbf4d01c5a989bf", "e035206a8b7ae8055f8cf6cb801a2d4b600de7fede587329347559b449554e97", "e2b02c0b5e24d81005bd6b9b16c38840781b7ea7e6898c5914871b0d4b8837fc", "e300ccc29cbb0898a4d4e08b4b18accab77221c42cd3f357e25dcdc42fb741dd", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21", "e63baa097d14bbaebe762cc9f7bd4d5407c02d422cf6d20b6bce392d95035c6f", "eafdc9e0ec6fc3c6b5d32b9fdd4835e0333bd04b3b8085bcf635c1cc99b281d8", "f1fb6e6a079398ea0fd14250dfa13301e15cc927a524e1e95c5a10e94b5a7ea4", "f3632d13eaab0fb7f1b8fff04d6be1ea7e23e07985b134723e64e3dbb653d81d", "f42386161b2600880481e41bc81707d0750b5126f6ae6476325822e38c85a9f2", "f540f99c1af236f56b33894b1fd7628715a39d85c29b165fb0b8039097fa92b8", "f927c485b89062b3547cd020ab6a4fe56c2db84cab141b97bd869e5a8cb4aa40", "f9d109557faf3d09dd4a6a63caca083ab6d02637c7012e016b5987dde53673f8", "fa705445b417560df6504a976312a35558fc8de6eee835894b30c79ed506f86f", "fbcb48778532fc50c1e582d5b8763d53fa07224e3bc4b589fb6aa9d404815d66", "fc94c0305bdbcccbfd49cbda01ad494f742f4ff74fc4c9c092da07a30ad0b603"], "iocs": {"domain": [{"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "jelojujopen[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "qekafuqafit[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "ryhyruqeliz[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "kejepujajeg[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "tufibiqunit[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "lygumujycen[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "xudoxijiwef[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "pupoliqotul[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "citahikodab[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "direfiwahur[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "vowypikelaf[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "foqurowyxul[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "nomimokubab[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "ganovowuqur[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "mavaxokitad[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "rylupalyxad[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "jecekorosuk[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "lykiwaryvuk[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "kezydorekuw[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "qexeholagav[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "cilicofahev[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "vojajofyced[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "dikolobeliw[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "fogefobunik[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "gadurabotiw[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "nofypafiqev[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "jepobanagij[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "masimafoded[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "ryqehegubes[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "qetoxagekec[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "keralanyxiq[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "lymyfenumij[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "xubirenosiq[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "tunupegirec[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "puvomegagep[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "cicavemejih[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "dixexehyzex[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "fokyhyhumap[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "volekymyvum[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "nojudymiwuh[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "gahipyhopax[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "lyrugujiqat[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "magowymafum[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "jefamyjejat[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "kepyxujycaz[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "qedevuqelug[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "rytukuqunun[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "xuqotujodaz[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "pumawuqahun[.]eu"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "host": "cinenikekar[.]eu"}], "file": [{"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "path": "%TEMP%\\<random, matching [A-F0-9]{1,4}>.tmp"}], "ip": [{"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "ip": "85[.]94[.]194[.]169"}, {"hashes": ["0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "ip": "13[.]107[.]21[.]200"}], "mutex": [{"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "name": "Global\\674972E3a"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "name": "Global\\MicrosoftSysenterGate7"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "name": "internal_wutex_0x000004b4"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "name": "internal_wutex_0x0000043c"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "name": "internal_wutex_0x000004dc"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "name": "internal_wutex_0x<random, matching [0-9a-f]{8}>"}], "registry": [{"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT", "value_name": "67497551a"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "98b68e3c"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "userinit"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "System"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "load"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "run"}, {"hashes": ["01dfdcbc1c5a712ad5719072756748055311914c08458c9bf451affb40581212", "041dabd9edcf3c6e11e2f6dc0b5fa876e1cc9b57454df89f77850bf409da681e", "04b3192daa2bc747a2269e11be69e94ad4b46aac1a3ce833b2b35fc8ae526e53", "0d3c78ebbcbbf8f131eca632bea413e418b491edbb82cc4f5aaa0e7590573f1c", "126bfe53eb3e3d1c05c827ba28d4d14bc200dc6dfb07d42319b589e3b794f389", "1275e3cfeb6bcd1f45c4b7d8c894a8439eafde92232ef63451823093437a0788", "1418230802ed9bf38342d91015376a168bb604d47fd9dddc4e15d8c055c2d47b", "1a72c392397f85b0750f5487ed5342094353f1d87ca88711e27ab7d638b3d41d", "1bc6e1b9e060db9efb8fb508c9d14fff6ca84ae61e2dbe7a89aa44b71ca5e1ef", "1de3d63376eb25be9556b2dc07ef6d1746cc653733bc751afe0f275ad3f66883", "1ed4eb3a205a157fa0861b6f8f925b15923ee31215a16dfde29c5cba7e759877", "1f06519b71ee74ed5ab485355ec031c165dbf0cc68e2550705e9648548d3c9be", "1f5e7561abc5a3419c4770c0c1717012848a8e4a8e3d31f237af51fcf9275844", "21a919ce78c3911b87b904d9c7a91b3c21c0439b30f851e6119b3f3e0a02330e", "23fc4e653d62151714cc182e969f09dfb0b2c8e8b23ee1e8d370c937235d577b", "257456f0582a9387e104e919695dbd09479ea3d1b91535a5d185de28364d0f0c", "2a3427057a865172a65af32928e71f316d86ab21cd3891a29c99cc2152594d79", "2b22416fdc05a7a2be27f1c2c776232a412af0d53739bb36f2272867ff486dae", "2b84d2ee8e5e3db10522cdd4a95f6ebf4f281b5581af6efb090848a43d6b46df", "2bf5783ce8934164208cbd876a282fa87a18dc1a8c85f3880f770f64cdf48ce1", "2ee6780c728fe0d17f0e49a2fc5081701cabb6709830dc5ddd48d57ecf1da154", "327ec487335d74e4cb2274fda32584646592cb465cb9933983d567543c33bae0", "33a85f67668d59accd4fcb7ad94bec55815c3efebf26a302875a7e29947b44f9", "37377bd36d7d46bb717a42d959114231165ef80cb43aed53cfb315b9cfaee693", "384a88aa045a2bdff9d8f4c559c2339a2dc9fe09a51e4cada6ce678de99e35e5", "e612a2ccdd0315fb7490d804b0befd8835d77efc0fcbd13a28805ff58e0d9f21"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "userinit"}]}, "reports_count": 26}, "Win.Dropper.XtremeRAT-9995385-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "1665e7cc8465122f23aa001de3f69d41e580c7d2db75a34da8525a95d65a61b4", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "dbcc3e2d3cf8423c7572380389a5321fbbf6f9cc49724c7f5341ee376974eaa5", "f435cfe891cab8b5b95c9c5327c255fa0274e43b58c8601eaab959fe401382e7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "1665e7cc8465122f23aa001de3f69d41e580c7d2db75a34da8525a95d65a61b4", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "dbcc3e2d3cf8423c7572380389a5321fbbf6f9cc49724c7f5341ee376974eaa5", "f435cfe891cab8b5b95c9c5327c255fa0274e43b58c8601eaab959fe401382e7"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "1665e7cc8465122f23aa001de3f69d41e580c7d2db75a34da8525a95d65a61b4", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "dbcc3e2d3cf8423c7572380389a5321fbbf6f9cc49724c7f5341ee376974eaa5", "f435cfe891cab8b5b95c9c5327c255fa0274e43b58c8601eaab959fe401382e7"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "1665e7cc8465122f23aa001de3f69d41e580c7d2db75a34da8525a95d65a61b4", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "dbcc3e2d3cf8423c7572380389a5321fbbf6f9cc49724c7f5341ee376974eaa5", "f435cfe891cab8b5b95c9c5327c255fa0274e43b58c8601eaab959fe401382e7"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "registry-autorun-key-modified", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": ["TA0003"]}, {"bi": "modified-file-in-system-dir", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": []}, {"bi": "malware-xtreme-rat-default-mutex-detected", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-encrypted-section", "hashes": ["90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["f435cfe891cab8b5b95c9c5327c255fa0274e43b58c8601eaab959fe401382e7"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "XtremeRAT is a remote access trojan active since 2010 that allows the attacker to eavesdrop on users and modify the running system. The source code for XtremeRAT, written in Delphi, was leaked online and has since been used by similar RATs.", "hashes": ["1665e7cc8465122f23aa001de3f69d41e580c7d2db75a34da8525a95d65a61b4", "3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3", "dbcc3e2d3cf8423c7572380389a5321fbbf6f9cc49724c7f5341ee376974eaa5", "f435cfe891cab8b5b95c9c5327c255fa0274e43b58c8601eaab959fe401382e7"], "iocs": {"domain": [{"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "host": "patrickhacker360[.]no-ip[.]biz"}], "file": [{"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "path": "%SystemRoot%\\SysWOW64\\InstallDir"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "path": "%TEMP%\\x.html"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).cfg"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).dat"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "path": "%SystemRoot%\\SysWOW64\\InstallDir\\server.exe"}], "ip": [], "mutex": [{"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "name": "XTREMEUPDATE"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "name": "((Mutex))"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "name": "((Mutex))PERSIST"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "name": "((Mutex))EXIT"}], "registry": [{"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCU"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": "StubPath"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": "InstalledServer"}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": null}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": null}, {"hashes": ["3c7b6b60c444fdd79d074b8ba34644a732cc2983b0b77026ee3b2aee07542c01", "4444be8235b07a7528f111d3536e53f99c0d53dab2951f22de20219515fe8242", "499a60e3be3aeeb69b8e8466322f86471ada67633ce9833298c3db989866c33e", "52903f4d467243d22524f4debc6a3c34d435d9837208989d1080f8c18456f1aa", "681996e3e20f98499fc512dd1d5627cf52d0fd1b39ee8071df3246d22d249bb0", "6a041d3aa2b070ac1a6a422a36a670da0c9003ee8cf0f8b1aa6094b8eb86b9c9", "90dc84228efa527f47416c1ed04b4dd70c7232c21d05ffb3dfc58f9db7679862", "a47478698fec25818bf5ccafb2b39aceaa3199092cd1bd8217ed314e47b5d519", "baef80b3ad9f039e30a5951bdd740b56b2c7633a9971edaf6721ed0200249cf2", "c07b2bac3d957040c25f06d8bc351788da435824429dace97b2df8cdc366dfc9", "c8628d0972489c416e3f215a98c1aed5fe1b2c33808a523e55fcc04eb9195efb", "cb2bc3233fd60c70478933263fcb90805e7667744d7bd0096d3944cd154215c3"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": "ServerStarted"}]}, "reports_count": 15}, "Win.Packed.DarkComet-9995076-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "afd67b81235161cdd4f8e06a81a7d8f5453cdbb11af7b1abcab5f58465d76b34", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "afd67b81235161cdd4f8e06a81a7d8f5453cdbb11af7b1abcab5f58465d76b34", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "afd67b81235161cdd4f8e06a81a7d8f5453cdbb11af7b1abcab5f58465d76b34", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-dot-net", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "afd67b81235161cdd4f8e06a81a7d8f5453cdbb11af7b1abcab5f58465d76b34", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "process-hollowing-detected", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-certificate", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "process-check-zone-identifier", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "modified-executable", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-filename-mismatch", "hashes": ["30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-dns-safe-categories", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-darkcomet-detected", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "compiler-vbc-run", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "netbios-query", "hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "windows-util-attrib-hide", "hashes": ["e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-attribute-modification", "hashes": ["e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "mitre_attack_tags": ["TA0005", "T1036"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.", "hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "afd67b81235161cdd4f8e06a81a7d8f5453cdbb11af7b1abcab5f58465d76b34", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be"], "iocs": {"domain": [{"hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f"], "host": "bakel[.]zapto[.]org"}, {"hashes": ["734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047"], "host": "voss-water[.]no-ip[.]biz"}, {"hashes": ["514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590"], "host": "jesus123[.]no-ip[.]biz"}, {"hashes": ["30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0"], "host": "thunderbluet97[.]no-ip[.]org"}, {"hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "host": "d0nuts[.]no-ip[.]biz"}, {"hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "host": "srv4006607[.]uppcdn[.]com"}, {"hashes": ["274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "host": "ec542356yg[.]no-ip[.]org"}], "file": [{"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be"], "path": "%TEMP%\\AppLunch"}, {"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be"], "path": "%TEMP%\\AppLunch\\Cho.ine"}, {"hashes": ["274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047"], "path": "%APPDATA%\\dclogs"}, {"hashes": ["48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be"], "path": "%HOMEPATH%\\Documents\\MSDCSC"}, {"hashes": ["48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be"], "path": "%HOMEPATH%\\Documents\\MSDCSC\\msdcsc.exe"}, {"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a"], "path": "%TEMP%\\vbc"}, {"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a"], "path": "%TEMP%\\vbc\\vbc.exe"}, {"hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f"], "path": "%TEMP%\\Visual Basic Console"}, {"hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f"], "path": "%TEMP%\\Visual Basic Console\\Visual Basic Console.exe"}, {"hashes": ["5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a"], "path": "%HOMEPATH%\\Documents\\DCSCMIN"}, {"hashes": ["5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a"], "path": "%HOMEPATH%\\Documents\\DCSCMIN\\IMDCSC.exe"}, {"hashes": ["30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0"], "path": "%TEMP%\\svchost"}, {"hashes": ["30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0"], "path": "%TEMP%\\svchost\\svchost.exe"}, {"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d"], "path": "%TEMP%\\test"}, {"hashes": ["514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590"], "path": "%TEMP%\\sdfsdf"}, {"hashes": ["514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590"], "path": "%TEMP%\\sdfsdf\\sdfsdf.exe"}, {"hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "path": "%TEMP%\\tmp91.exe"}, {"hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "path": "%TEMP%\\wupdate"}, {"hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "path": "%TEMP%\\wupdate\\wupdate.exe"}], "ip": [], "mutex": [{"hashes": ["30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047"], "name": "DC_MUTEX-<random, matching [A-Z0-9]{7}>"}, {"hashes": ["274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4"], "name": "DCMIN_MUTEX-UXH4D50"}], "registry": [{"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4", "30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590", "5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "734835ef459b083345d198986b57f1bc05272cea844a26bf80260154107b63ee", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f", "98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1", "9e9acc5caea8367880ceacfaaa9160b7d63d71064ea8e5eface950e371244047", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "UserInit"}, {"hashes": ["48b1c0ae81d355b8134e75c6a8de91b262e917e5e9c60e620a8d31e5cd53ce7d", "7d7663db28899c9a083acfc7efc1942188b40296275fa322290622636533cf8f", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MicroUpdate"}, {"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a", "e2c66a3f9d630d1f9ee37cf0c56688133b2b13c73a03a3677d82ea37a70180be"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d", "274e98365987db708a9f4f279f19c6f70383cbf18410fd601ffd7fefa16aaab4", "5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "vbc"}, {"hashes": ["5ed3653e12a0fc82c9baa31ac4b7342ccb1a141e253689d5267a13c1bc6e01ce", "8608957106da74076ea69aaacc0995a7a2f166cc29d6fcc671c6e3c9ac98215f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Visual Basic Console"}, {"hashes": ["5f9a350b8ac57470c0b4065b7d70a86caa757ef6e7741b90751063b3472cbd7a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "DarkComet RAT"}, {"hashes": ["514eb2f78c985682439cdfa719969687f7067dabe438fb7ba8b31f4be4cb0590"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "sdfsdf"}, {"hashes": ["131003a2e0f0dc3733981dd29800bfde5eac304eb28d73d026589d4901c1c18d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "test"}, {"hashes": ["30baaca5ee5a35349d194a6d64fcd398ee4e675303db3e1d4ff0018a374c14d0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "svchost"}, {"hashes": ["98093405e0bfcfb47c5e7a153d84089d522aa83da6820c5f8b402fd8459821c1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wupdate"}]}, "reports_count": 14}, "Win.Packed.Formbook-9994793-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "5dc52da7b97835654bab2a3a39e93d412a50608bfd7dfccb87ff716c9aba6a37", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "8e576e578efa64de8ed384743375e6bc3f3a074d508e510893cfe734cbfacef3", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "5dc52da7b97835654bab2a3a39e93d412a50608bfd7dfccb87ff716c9aba6a37", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "8e576e578efa64de8ed384743375e6bc3f3a074d508e510893cfe734cbfacef3", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "5dc52da7b97835654bab2a3a39e93d412a50608bfd7dfccb87ff716c9aba6a37", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "8e576e578efa64de8ed384743375e6bc3f3a074d508e510893cfe734cbfacef3", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "5dc52da7b97835654bab2a3a39e93d412a50608bfd7dfccb87ff716c9aba6a37", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "8e576e578efa64de8ed384743375e6bc3f3a074d508e510893cfe734cbfacef3", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-dot-net", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "5dc52da7b97835654bab2a3a39e93d412a50608bfd7dfccb87ff716c9aba6a37", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "8e576e578efa64de8ed384743375e6bc3f3a074d508e510893cfe734cbfacef3", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": []}, {"bi": "pe-header-linker-major", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "5dc52da7b97835654bab2a3a39e93d412a50608bfd7dfccb87ff716c9aba6a37", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "8e576e578efa64de8ed384743375e6bc3f3a074d508e510893cfe734cbfacef3", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-hollowing-detected", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "5dc52da7b97835654bab2a3a39e93d412a50608bfd7dfccb87ff716c9aba6a37", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "8e576e578efa64de8ed384743375e6bc3f3a074d508e510893cfe734cbfacef3", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "8e576e578efa64de8ed384743375e6bc3f3a074d508e510893cfe734cbfacef3", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "5dc52da7b97835654bab2a3a39e93d412a50608bfd7dfccb87ff716c9aba6a37", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "file-ini-read", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "malware-generic-infostealer", "hashes": ["880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536", "05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "modified-executable", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-windows-task", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "sc-service-stop-windefend", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "created-executable-sample-appdata", "hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-fast-flux-domain", "hashes": ["b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-dynamic-domain", "hashes": ["d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": []}, {"bi": "process-check-zone-identifier", "hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "process-created-executable-autorun", "hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "network-telegram-domain-detected", "hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "mitre_attack_tags": ["TA0011", "T1102"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Formbook is an information stealer that attempts to collect sensitive information from an infected machine by logging keystrokes, stealing saved web browser credentials, and monitoring information copied to the clipboard.", "hashes": ["05f0a9fc7417c605c638b3ffda615fd6b20795a82b0408fe3f42f055de85103d", "198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1", "34444f68609f8bb2253146f628bf1d4aee1209e03daf5403af99aca970ef55ba", "475ece56e57f220405bef9961b8e6013f839ef07eadea3f23790263f841d50dc", "5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "5dc52da7b97835654bab2a3a39e93d412a50608bfd7dfccb87ff716c9aba6a37", "6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd", "880a6f3c4afc5c947d48dc37270a5802b967cbd0af49d291fddbb8a38a18d1bf", "8e576e578efa64de8ed384743375e6bc3f3a074d508e510893cfe734cbfacef3", "a811fab0870234aa3d7af40ce5a42e009eb341600c7968555853c2f2473bbeaa", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725", "db14e99ef27cd34b8683f55fe26224400b4d9a2ef5498a8c8968782702e0dbec", "f1b1e544557474eda8724e661a04df7560da10d5879e457675dc7a2e4c354ff9", "f90832c3ae71cb6a7b3cbfd91583bc682d8a78c45739201d59b6c5b56e580536"], "iocs": {"domain": [{"hashes": ["5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049", "b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f", "cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725"], "host": "checkip[.]dyndns[.]org"}, {"hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c"], "host": "api[.]ipify[.]org"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "host": "api[.]telegram[.]org"}], "file": [{"hashes": ["198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725"], "path": "%System32%\\Tasks\\Updates"}, {"hashes": ["198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03", "2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c", "bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "path": "%APPDATA%\\plQRn"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "path": "%APPDATA%\\plQRn\\plQRn.exe"}, {"hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a"], "path": "%APPDATA%\\CGUzozPmYLV.exe"}, {"hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a"], "path": "%System32%\\Tasks\\Updates\\CGUzozPmYLV"}, {"hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de"], "path": "%APPDATA%\\PNGtqM"}, {"hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de"], "path": "%APPDATA%\\PNGtqM\\PNGtqM.exe"}, {"hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de"], "path": "%APPDATA%\\tohNGyREiJ.exe"}, {"hashes": ["198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03"], "path": "%APPDATA%\\bqzFpcTimliUk.exe"}, {"hashes": ["198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03"], "path": "%System32%\\Tasks\\Updates\\bqzFpcTimliUk"}, {"hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de"], "path": "%System32%\\Tasks\\Updates\\tohNGyREiJ"}, {"hashes": ["b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c"], "path": "%APPDATA%\\NQUFZzfwxJKEr.exe"}, {"hashes": ["b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c"], "path": "%System32%\\Tasks\\Updates\\NQUFZzfwxJKEr"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "path": "%APPDATA%\\i2yitwbu.evy"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "path": "%APPDATA%\\i2yitwbu.evy\\Firefox"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "path": "%APPDATA%\\i2yitwbu.evy\\Firefox\\Profiles"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "path": "%APPDATA%\\i2yitwbu.evy\\Firefox\\Profiles\\1lcuq8ab.default"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "path": "%APPDATA%\\i2yitwbu.evy\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725"], "path": "%APPDATA%\\pGnxfTwNhIldl.exe"}, {"hashes": ["d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725"], "path": "%System32%\\Tasks\\Updates\\pGnxfTwNhIldl"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "path": "%APPDATA%\\CgusLjCsguWt.exe"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "path": "%System32%\\Tasks\\Updates\\CgusLjCsguWt"}], "ip": [{"hashes": ["cdf11f641788c28835c7205b496817c904a9c1ef6f7f390e5dce13d4ad93129a", "d6ddfb183079fd5ea960c75022874f71bd25f9586c748ab9cec41e39e437e725"], "ip": "158[.]101[.]44[.]242"}, {"hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de", "b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c"], "ip": "173[.]231[.]16[.]76"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "ip": "149[.]154[.]167[.]220"}, {"hashes": ["5d2841d221d5f4b73591f9972ece12a9382fb40146caa6e8691eba12ae138049"], "ip": "193[.]122[.]6[.]168"}, {"hashes": ["b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f"], "ip": "193[.]122[.]130[.]0"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "ip": "104[.]237[.]62[.]211"}], "mutex": [{"hashes": ["6181b4c5486a0d60e6254433d64e2cdd71f5d10c76411b85a2ebfc369a1573bd"], "name": "EjfrUHmSaeLyAw"}, {"hashes": ["23a229335d91eae22c93b6bc7e57f7220bbc490af20e1580d5fdd4f3fc5327d1"], "name": "lCBadJKalzHVx"}, {"hashes": ["bc6f62b0067cfa2b40571e869f9757fcfcc91ce95e057140757eb1d54513836a"], "name": "tYgeoYfktDpsVQQSNxKR"}, {"hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de"], "name": "fnawPTxiuhcCnV"}, {"hashes": ["198059af372b0917f0956f52c31117a5c7e1f0fd50a18bde92aa37a791930f03"], "name": "PdJlJpQBGeZl"}, {"hashes": ["b9e9daf6bb717f1fcf48903988ff22e8d08a2d7df065f08d4f7051afced9d66c"], "name": "pYOWDiaVcdPoRQxHsIjYubQOHDH"}, {"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "name": "gPVBNpPJwOaSGwOgGUyNr"}, {"hashes": ["b43c354874e511906b2a3abef9db96af2a2d0aec46c8d04fe7357bcebdf03a4f"], "name": "sVTndEbRmocUxXOJmJ"}], "registry": [{"hashes": ["adcb18871ff1d333a1f9170996a33c430610d03288d8def0cb010380f3d3791d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "plQRn"}, {"hashes": ["2385c755372ca2515b6292191f16a197e5c82aaa7e40652b33690185c2d932de"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "PNGtqM"}]}, "reports_count": 21}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-04-07T12:28:09+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.XtremeRAT-9995385-0", "Win.Dropper.LokiBot-9995267-0", "Win.Dropper.Shiz-9995265-0", "Win.Packed.DarkComet-9995076-1", "Win.Dropper.Remcos-9994988-0", "Win.Dropper.Kuluoz-9994888-0", "Win.Packed.Formbook-9994793-0", "Win.Dropper.Nanocore-9995112-1", "Win.Dropper.HawkEye-9995256-0"]}